ACL in 11g

Similar Messages

• Problems setting up ACL in 11g

  Hello,
  we recently updated from 10g to 11g. In our db we have a job, which calls a procedure, which checks if all mails from our application have been sent probably, if not it sends out a mail via a different mail server to admins, so they can check what the issue was.
  This worked fine in 10g. In 11g I've learned I need to set up the ACL to be able to connect to the mail Server. This is what I've done:
  Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
  begin
    if dbms_db_version.ver_le_10_2 then
      null;
    else
      begin
        dbms_network_acl_admin.drop_acl(
          acl =>         'apex-network.xml'
      exception
        when others then null;
      end;
      dbms_network_acl_admin.create_acl(
        acl =>         'apex-network.xml',
        description => 'Network-Connects for system check',
        principal =>   'SYS',
        is_grant =>    true,
        privilege =>   'connect'
      DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
        acl =>         'apex-network.xml',
        principal =>   'SYS',
        is_grant  =>   true,
        privilege =>   'resolve'
      dbms_network_acl_admin.assign_acl(
        acl =>         'apex-lcmcc-network.xml',
        host =>        '123.456.78.99'
    end if;
  end;
  show error
  commit;
  The statement completed successfully. And i checked if the access is granted with the following statement:
  SELECT
  FROM
    user_network_acl_privileges,
    TABLE(DBMS_NETWORK_ACL_UTILITY.DOMAINS('123.456.78.99'))
  ORDER BY
    DBMS_NETWORK_ACL_UTILITY.DOMAIN_LEVEL(column_value) desc,
    lower_port,                                             
    upper_port;
  I see now for the configured host and all subdomains user sys has the privillege resolve and connect granted.
  When i run the  procedure, which should sent the mails i still get the error ORA-24247: network access denied by access control list (ACL).
  Here is the relevant code from the procedure:
  BEGIN
            c := UTL_SMTP.OPEN_CONNECTION('123.456.78.99');
            UTL_SMTP.HELO(c, 'xxx.de');
            UTL_SMTP.MAIL(c, '[email protected]');
            UTL_SMTP.RCPT(c, p_rcpt);
            UTL_SMTP.OPEN_DATA(c);
            send_header('From',    p_from);
            send_header('To',      p_rcpt);
            send_header('Subject', p_subject);
            UTL_SMTP.WRITE_DATA(c, UTL_TCP.CRLF||p_message );
            UTL_SMTP.CLOSE_DATA(c);
            UTL_SMTP.QUIT(c);
          EXCEPTION
            WHEN utl_smtp.transient_error OR utl_smtp.permanent_error THEN
              BEGIN
                UTL_SMTP.QUIT(c);
              EXCEPTION
                WHEN UTL_SMTP.TRANSIENT_ERROR OR UTL_SMTP.PERMANENT_ERROR THEN
                  NULL; -- When the SMTP server is down or unavailable, we don't have
                        -- a connection to the server. The QUIT call will raise an
                        -- exception that we can ignore.
              END;
              raise_application_error(-20000,
                'Failed to send mail due to the following error: ' || sqlerrm);
          END;
  Please forgive me if i miss out important information you need to assist me in this endavor, i will try to deliver them shortly.
  Any sugesstions are much apreciated.
  Thanks in advance.

  >Since the job, mentioned above is running for user sys i set up the ACL for the user sys.
  SYS schema is reserved for Oracle maintenance & upgrades.
  You should NEVER make or modify objects within the SYS schema.

• Issue with ACL in 11g

  Hi ,
  I am executing the below script as SYS user
  dbms_network_acl_admin.create_acl
                                        acl           => 'utl_mail.xml'
                                       ,description   => 'email Access'
                                        ,principal     =>'PUBLIC'
                                        ,is_grant      => TRUE
                                        ,privilege     =>'connect'
                                        ,start_date    => NULL
                                        ,end_date      => NULL
  And i am getting the below error
  *ERROR at line 1: ORA-31003: Parent /sys/acls/ already contains child entry utl_mail.xml ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
  But there is no entry in DBA_NETWORK_ACLS  that corresponds to utl_mail.xml , but there is an entry for lie the following
  /sys/acls/mail_access.xml
  i am not able to get around this issue , help needed
  I am on Oracle 11g

  Hi,
  Raunaq wrote:
  Q1: will it not effect my work if i change it to utl_mail_new.xml?
  Q2:Does it have something to do with utl_mail.  package installed on my DB?
  A1: in my opinion no, you will not have any impact.
  A2: please see OTN form: https://forums.oracle.com/thread/1019669?start=0&tstart=0
  Thank you

• Trying to set up email in 11g

  I migrated a server + data + APEX application from 10g to 11g. Now my email sending is all messed up because of the ACL in 11g. I can't seem to figure out how to appease it. I have the smtp server correctly set in the parameters. Here is the procedure I'm trying to use (from http://www.morganslibrary.org/reference/pkgs/utl_smtp.html):
  CREATE OR REPLACE PROCEDURE send_email(
    pFromUser IN VARCHAR2,
    pToUser IN VARCHAR2,
    pSubject IN VARCHAR2 DEFAULT NULL,
    pBody IN VARCHAR2 DEFAULT NULL)
  IS
    conn          UTL_SMTP.CONNECTION;
    crlf          VARCHAR2(2)    := CHR(13) || CHR(10);
    EmailServer   VARCHAR2(60)   := 'mail.mt.net';
    mesg          VARCHAR2(4000) := 'Hello World';
    pwd           VARCHAR2(200)  := '{substituted}';
    SenderAddress VARCHAR2(200)  := '{substituted}';
    SenderName    VARCHAR2(50)   := 'Blair Christensen';
    pToList       VARCHAR2(4000);
    vToReceivers  VARCHAR2(200);
    uname         VARCHAR2(200);
  BEGIN
    conn:= utl_smtp.open_connection(EmailServer, 587);
    utl_smtp.ehlo(conn, EmailServer);
    --utl_smtp.helo( conn, EmailServer );
    utl_smtp.command(conn, 'AUTH LOGIN');
    utl_smtp.command(conn, utl_raw.cast_to_varchar2(
      utl_encode.base64_encode( utl_raw.cast_to_raw(uname))));
    utl_smtp.command(conn, utl_raw.cast_to_varchar2(
      utl_encode.base64_encode( utl_raw.cast_to_raw(pwd))));
    utl_smtp.mail(conn, SenderAddress);
    utl_smtp.rcpt(conn, pToList);
    mesg:= 'Date: '|| TO_CHAR(SYSDATE, 'DD MON RR HH24:MI:SS' )|| crlf ||
           'From: "' || SenderName || '" ' || SenderAddress || crlf ||
           'Subject: ' || pSubject || crlf ||
           'To: '|| pToList || crlf||
           pBody || crlf || crlf;
    utl_smtp.data(conn, mesg);
    utl_smtp.quit(conn);
  EXCEPTION
    WHEN OTHERS THEN
      RAISE_APPLICATION_ERROR(-20001,SQLERRM);
  END;
  /When I call it, I get the following error:
  Error starting at line 1 in command:
  exec send_email('--','--','Test','Test email')
  Error report:
  ORA-20001: ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "APPS.SEND_EMAIL", line 40
  ORA-06512: at line 1Can anyone help me?
  To Oracle: Why isn't there a nice graphical tool to help administer this?

  Can someone please list out the syntax or packages necessary for USE with the DBMS_NETWORK_ACL_ADMIN package to enable email via UTL_SMTP and UTL_MAIL. THAT is the piece I can't find ANYWHERE.
  http://docs.oracle.com/cd/E14072_01/appdev.112/e10577/d_networkacl_adm.htm
  Is a great document for describing the DBMS_NETWORK_ACL_ADMIN package, but I don't have any idea how to apply THIS
  BEGIN
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'www.xml',
                                      description => 'WWW ACL',
                                      principal   => 'SCOTT',
                                      is_grant    => true,
                                      privilege   => 'connect');
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'www.xml',
                                         principal => 'SCOTT',
                                         is_grant  => true,
                                         privilege => 'resolve');
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl  => 'www.xml',
                                      host => 'www.us.oracle.com');
  END;
  COMMIT;to setting up email! What does 'www.xml' represent? What do I need to substitute to apply it for use with UTL_MAIL and UTL_SMTP? THAT's the part that ISN'T documented and makes this whole process so frustrating!

• Network ACLs topics after upgrade to 11g.

  Hi Group
  On my pre script upgrade from 10.2.0.4 to 11.1.0.7, a message appear on the final part of the log:
  WARNING: --> Database contains schemas with objects dependent on network
  packages.
  .... Refer to the 11g Upgrade Guide for instructions to configure Network ACLs.
  .... USER USR_COMP has dependent objects.
  .... USER USR_DEV has dependent objects.
  Really I don't know what to do on this issue.
  I've read the instructions and I have executed the following but I'm not sure it be right procedure:
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('netacl.xml',
  'Allow usage to the UTL network packages', 'USR_COMP', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_COMP', TRUE, 'resolve');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_DEV', TRUE, 'connect');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('netacl.xml' ,'USR_DEV', TRUE, 'resolve');
  -- Specify which hosts this ACL applies to,
  -- for simplicity, we're saying all (*)
  -- You might want to specify certain hosts to lock this down.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('netacl.xml','*');
  END;
  How can I validate that both users now have the correct privileges from the old version?
  Thanks in advance

  Hi,
  Refer thread:
  11g Upgrade - Network ACL
  Hope helps :)
  thanks,
  X A H E E R

• Oracle 11g XE not working with oracle BI publisher 10g after enabling ACL

  Hello,
  I previously work with oracle 10gXE and Oracle BI publisher 10g and it work fine. now i install oracle 11g XE and try to configure it with oracle Bi Publlisher, it show this error
  "ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1324 ORA-12570: TNS:packet reader failure" after runing the ACL package to neable network service.
  on the database.
  Please can any body tell be why this is not working. Tanx.

  You'll need to add the apex engine owner to the ACL (Access Control List). Depending on your version of apex the user name varies. i.e. 4.0 is APEX_040000
  See Joel's blog for info about the ACL and APEX.
  [http://joelkallman.blogspot.com/2010/10/application-express-network-acls-and.html]

• Assign ACL Error in Oracle 11g R1

  Hi,
       I am Using Oracle 11g Database Release 1 I have created a ACL in my Database, now I am trying to assign the acl using the below mentioned pl/sql script
  begin
       dbms_network_acl_admin.assign_acl (
            acl => 'utlpkg.xml',
       host => 'domainnet.com',
       lower_port => 1,
       upper_port => 10000);
            end;
  commit;
  Error is
  Error at line 1
  ORA-01403: no data found
  ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 477
  ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 410
  ORA-06512: at line 2
  The same Script I have run in another database it is working fine…
  I don’t know what is wrong ….
  Please advice ….
  Thank You
  SHAN

  Please, have a look to the following metalink note
  Ora-1403 When Trying to Create a Network Access Control List*
  Doc ID:  854083.1*
  Note, Only one ACL can be assigned to any host computer, domain, or IP subnet, and if specified, the TCP port range - from the doc here
  http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm#BABDIGJC
  Furthermore, it looks like your host variable is a domain name, did you try to use a wildcard i.e. *.domainnet.com or give the exact host name ?
  Nicolas.

• 11g Upgrade - Network ACL

  I want to upgrade my oracle 10g database to 11g. the utlui112.sql script shows following -
  WARNING: --> Database contains schemas with objects dependent on network packages.
  .... Refer to the Upgrade Guide for instructions to configure Network ACLs.
  .... USER MDMSYS has dependent objects.
  According to documentation , it is not clear whether I need to install XML DB before upgrade or after upgrade to 11g.
  I run the following query and result is as follows -
  SQL >SELECT * FROM DBA_DEPENDENCIES WHERE referenced_name IN ('UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR')
  AND owner NOT IN ('SYS','PUBLIC','ORDPLUGINS');
  OWNER NAME TYPE REFERENCED_OWNER REFERENCED_NAME REFERENCED_TYPE
  REFERENCED_LINK_NAME DEPE
  MDMSYS MDM_JOB PACKAGE BODY PUBLIC UTL_TCP SYNONYM
  HARD
  MDMSYS MDM_JOB PACKAGE BODY MDMSYS UTL_TCP NON-EXISTENT
  Can someone plaease help on how I can configure the network ACLs?

  Hi ,
  You can grant to a network and not necessary to grant each machines IP details.
  Also this has to be granted to users or the principal is the schema who will be executing this utl_smtp.
  If there are multiple users, then you need to grant access to each user.
  You need to configure below steps to grant access to the user for utl operations.
  This is a new security feature to 11g.
  Please review below document :
  Oracle® Database Security Guide
  11g Release 1 (11.1)
  Part Number B28531-06
  4 Configuring Privilege and Role Authorization
  Managing Fine-Grained Access to External Network Services
  URL : http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authorization.htm#CIHDAJDJ
  A example of the setting:
  =================
  If you are creating the ACL for the first time, you can directly go to step (d).
  Please replace the values in < > with your environment values.
  a. Drop the user privilege:(please run the below for all the users who are granted connect privilege).
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.delete_privilege (
  acl => '<mailserver_acl.xml>',
  principal => '<MYUSER>',
  is_grant => FALSE,
  privilege => 'connect');
  COMMIT;
  END;
  b. Unassign the network details from ACL (The ip address are only example, please replace with the
  values you have specified)
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.unassign_acl (
  acl => '<mailserver_acl.xml>',
  host => '<192.168.2.3>',
  lower_port => <25>,
  upper_port => <25>);
  COMMIT;
  END;
  c. Drop the ACL
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.drop_acl (
  acl => '<mailserver_acl.xml>');
  COMMIT;
  END;
  d. Create the acl again fresh:
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.create_acl (
  acl => 'mailserver_acl.xml',
  description => 'Mailserver ACL',
  principal => '<MYUSER>',
  is_grant => TRUE,
  privilege => 'connect',
  start_date => SYSTIMESTAMP,
  end_date => NULL);
  COMMIT;
  END;
  e. Assign the acl to the network:(please have the ip address modified to correct IP of the machine where this utl package is targetted run.)
  for example IP/hostname of mail server should be there for UTL_SMTP to execute.
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.assign_acl (
  acl => 'mailserver_acl.xml',
  host => '<192.168.2.3>',
  lower_port => <25>,
  upper_port => <25>);
  COMMIT;
  END;
  f.Test the package.
  Thanks,
  Sathya

• ACL error when sending email from Oracle 11g

  Hi,
  It returned something like "error...ACL security" when I tried to send email from Oracle 11g. Is there any security thing that I need to release in Oracle 11g? I used to send emails from Oracle 10g and didn't find any problem.
  Thanks.
  Andy

  In Database 11g Oracle introduced Network Access Control Lists (ACLs) to protect the database from users using the many internet-capable packages such as UTL_INADDR, UTL_HTTP, UTL_TCP, etc.
  Read all about it in the docs and look at the code demos here:
  http://www.morganslibrary.org/library.html
  under DBMS_NETWORK_ACL_...

• Best way to avoid requirement for network ACL after upgrade to 11g

  Hi All,
  After upgrade from 10g to 11g, I found Network ACLs required to make code using SYS.UTL_SMTP to work. Otherwise there is an error: ORA-24247: network access denied by access control list (ACL).
  Do you know an elegant way to get rid of ACLs? I mean to open the network for all user's code, like it was on 10g, instead of checking what is actually needing it and doing specific ACLs for users. Database parameter disabling ACL restrictions seems natural option here, but it looks like Oracle not introduced such.
  Kind Regards,
  Artzaw

  I don't know of a way to disable ACLs, no.  I'd imagine that there probably is a hidden parameter that Oracle Support could direct you to.  I'm hard-pressed to imagine why you'd really want to disable that functionality, though.
  You can create an ACL that allows access to an arbitrary host on an arbitrary port (host => '*.*.*.*' and with NULL lower_port and upper_port values). 
  Justin

• Need help in utl_smtp and utl_tcp in 11g and ACL files

  Hi,
  Recnetly we migrated from 10g to 11g. The thing is I couldnnt able to get access on utl_smtp and utl_tcp packages. And I am getting the following errors.
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "SYS.UTL_TCP", line 17
  ORA-06512: at "SYS.UTL_TCP", line 246
  ORA-06512: at "SYS.UTL_SMTP", line 115
  ORA-06512: at "SYS.UTL_SMTP", line 138
  ORA-06512: at "USWU48216.SEND_MAIL", line 19
  ORA-06512: at line 1
  After getting the above error I tried to configure ACL with below command, again its throwing error.
  exec dbms_network_acl_admin.add_privilege(acl => 'ACL_name.xml', principal => 'xxx', is_grant => TRUE, privilege => 'connect');
  ORA-31001: Invalid resource handle or path name "/sys/acls/ACL_name.xml"
  ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
  ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 247
  ORA-06512: at line 1
  Any ideas, please..
  Edited by: user6476691 on Nov 9, 2008 12:03 AM

  Sathish,
  Thats a good webstie.
  I created an xml file. After that, when I was trying to
  begin
  dbms_network_acl_admin.add_privilege (
  acl => 'utlpkg.xml',
  principal      => 'xxx123',
  is_grant      => TRUE,
  privilege      => 'connect',
  start_date      => null,
  end_date      => null);
  end;
  I am getting tthe following error....
  ORA-31001: Invalid resource handle or path name "/sy
  ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
  ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 79
  ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 401
  ORA-06512: at line 2
  Any inputs ??? plz....
  Edited by: user6476691 on Nov 9, 2008 7:48 PM

• 11g R1 upgrade issues - ACL, XDB, java ...

  Hi all
  just a general FYI for anyone who's interested.
  After hitting and working around bug #9078101 we had this obtuse message:
  ORA29516: Aurora assertion failure: Assertion failure at jol.c:1119
  JOL assertion failure: jol.c:1119 Not Cafe Babe
  The fix was to drop and reload the java class being called. :P This isn't in MOS, as far as i can tell.
  10.2.0.4 to 11.1.0.7 EE upgrade on HPUX 11.23.

  Check the following metalink notes.
  Note: 308377.1 - Ora-01031: Insufficient Privileges While Using Dbua During Upgrade, it might be applicable to your issue
  Note: 1030426.6 - How to Clean Up Duplicate Objects Owned by SYS and SYSTEM Schema

• Deployment exception while running a .jspx page in Jdev 11g 11.1.1.1.0

  I have a .jspx page that renders taskflows as dynamic regions. When I execute this exception is what I get.
  WARNING: [ComponentRule]{faces-config/component} Merge(oracle.adf.Table)
  <Aug 13, 2009 11:39:47 AM IST> <Warning> <HTTP> <BEA-101162> <User defined listener com.sun.faces.config.ConfigureListener failed: java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.
  java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       Truncated. see log file for complete stacktrace
  >
  <Aug 13, 2009 11:39:47 AM IST> <Warning> <HTTP> <BEA-101162> <User defined listener oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack failed: java.lang.NullPointerException.
  java.lang.NullPointerException
       at oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack.contextDestroyed(ADFConfigLifeCycleCallBack.java:122)
       at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:482)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.EventsManager.notifyContextDestroyedEvent(EventsManager.java:200)
       Truncated. see log file for complete stacktrace
  >
  Aug 13, 2009 11:39:47 AM oracle.mds.internal.lcm.logging.MDSLCMLogger log
  INFO: MBean: oracle.mds.lcm:name=MDSAppRuntime,type=MDSAppRuntime,Application=UI deregistered
  Aug 13, 2009 11:39:47 AM oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener postStop
  INFO: ADFApplicationLifecycleListener.postStop
  Aug 13, 2009 11:39:47 AM oracle.adf.share.config.ADFConfigFactory cleanUpApplicationState
  INFO: Cleaning up application state
  <Aug 13, 2009 11:39:47 AM IST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1250143764562' for task '2'. Error is: 'weblogic.application.ModuleException: '
  weblogic.application.ModuleException:
       at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1376)
       at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:452)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       Truncated. see log file for complete stacktrace
  java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       Truncated. see log file for complete stacktrace
  >
  <Aug 13, 2009 11:39:47 AM IST> <Error> <Deployer> <BEA-149202> <Encountered an exception while attempting to commit the 1 task for the application 'UI'.>
  <Aug 13, 2009 11:39:47 AM IST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'UI'.>
  <Aug 13, 2009 11:39:47 AM IST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
  weblogic.application.ModuleException:
       at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1376)
       at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:452)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)
       Truncated. see log file for complete stacktrace
  java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase.<init>(JSFLifecycle.java:22)
       at oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle.<clinit>(JSFLifecycle.java:40)
       at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.<init>(ADFPhaseListener.java:241)
       at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.<init>(ADFLifecyclePhaseListener.java:26)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       Truncated. see log file for complete stacktrace
  >
  [11:39:47 AM] Weblogic Server Exception: weblogic.application.ModuleException:
  [11:39:47 AM] Caused by: java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
  [11:39:47 AM] See server logs or server console for more details.
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
  oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed[11:39:47 AM] #### Deployment incomplete. ####
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:341)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:235)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
       at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
       at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:442)
       at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
       at oracle.jdevimpl.runner.adrs.AdrsStarter$6$1.run(AdrsStarter.java:1469)
  Caused by: oracle.jdeveloper.deploy.DeployException: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.redeployApplications(Jsr88DeploymentHelper.java:627)
       at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.doDeploymentAction(Jsr88RemoteDeployer.java:315)
       ... 11 more
  Caused by: oracle.jdeveloper.deploy.DeployException: Deployment Failed
       at oracle.jdevimpl.deploy.common.Jsr88DeploymentHelper.redeployApplications(Jsr88DeploymentHelper.java:608)
       ... 12 more
  #### Cannot run application UI due to error deploying to DefaultServer.
  [Application UI stopped and undeployed from Server Instance DefaultServer]

  I was facing a similar error, the problem was because of adf-controller.jar. My error was :
  java.lang.IllegalAccessError: tried to access method oracle.adf.controller.v2.lifecycle.Lifecycle$Phase.<init>(Ljava/lang/String;)V from class oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase
  The jar's 10g edition has  (1st part)oracle.adf.controller.v2.lifecycle.Lifecycle$Phase and 11g edition has (2nd part) oracle.adfinternal.controller.faces.lifecycle.JSFLifecycle$JSFPhase. So I created my own jar extracting both jars at one place using the following command
  jar -cf adf-controller.jar .
  This solved my problem.
  Hope you get the idea. The best way to face these type of errors is opening the archive and checking for the files for which the compiler is complaining.

• Error in starting BI Scheduler service in OBIEE 11g

  Hello All,
  I am working on OBIEE 11g. When I am trying to start up services by login into Enterprise Manager it is giving following error to start Bi Schedulers i.e. coreapplication_obisch1.
  Module:    oracle.bi.management.sysmancommon
  Message: Error in starting component: oracle instance: instance1, component: coreapplication_obisch1
  Supplemental Detail:
  oracle.bi.management.adminservices.opmn.ProcessControlException: Operation Failed: start; OracleInstance: instance1; Component: coreapplication_obisch1; msg: 0 of 1 processes started.
  at oracle.bi.management.adminservices.opmn.OpmnProcessController.start(OpmnProcessController.java:145)
  at oracle.bi.management.adminservices.model.impl.ProcessManagerProxyImpl.start(ProcessManagerProxyImpl.java:62)
  at oracle.bi.management.adminservices.mbeans.impl.BIComponentMBeanImpl.start(BIComponentMBeanImpl.java:172)
  at oracle.bi.management.adminservices.mbeans.impl.BIComponentMBeanImpl.start(BIComponentMBeanImpl.java:157)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doInvoke(OracleStandardEmitterMBean.java:1012)
  at oracle.adf.mbean.share.AdfMBeanInterceptor.internalInvoke(AdfMBeanInterceptor.java:104)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:190)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor$2.run(JpsJmxInterceptor.java:358)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalInvoke(JpsJmxInterceptor.java:374)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalInvoke(ContextClassLoaderMBeanInterceptor.java:103)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalInvoke(MBeanRestartInterceptor.java:116)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.as.jmx.framework.generic.spi.interceptors.LoggingMBeanInterceptor.internalInvoke(LoggingMBeanInterceptor.java:524)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:252)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.invoke(OracleStandardEmitterMBean.java:924)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
  at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.invoke(FederatedMBeanServerInterceptor.java:349)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:263)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
  at weblogic.management.mbeanservers.internal.SecurityMBeanMgmtOpsInterceptor.invoke(SecurityMBeanMgmtOpsInterceptor.java:65)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
  at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
  at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
  at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
  at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
  at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
  at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
  at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
  at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
  at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.invoke(Unknown Source)
  at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
  at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
  at weblogic.management.remote.wlx.ClientProvider$WLXMBeanServerConnectionWrapper.invoke(ClientProvider.java:291)
  at oracle.sysman.emai.model.bi.impl.JmxUtil.invokeMethod(JmxUtil.java:184)
  at oracle.sysman.emai.model.bi.mbean.AvailabilityAssistant.processComponent(AvailabilityAssistant.java:636)
  at oracle.sysman.emai.model.bi.mbean.AvailabilityAssistant.startComponent(AvailabilityAssistant.java:596)
  at oracle.sysman.emai.view.bi.AvailabilityView.startComponent(AvailabilityView.java:421)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.sysman.emas.sdk.progress.WorkWrapper.run(WorkWrapper.java:96)
  at java.lang.Thread.run(Thread.java:662)
  Please guide me on this. Because I am unable to login into Analytics and I think its due to as BI Schedulers are not getting up.
  Thank You.
  Regards,
  Meghana

  Hi sateesh,
  Seems your database listerner and opmnctl is down....first start these in your services pane and then try starting your BI server....but keep in mind close the admin tool if it is open .
  This might also help [http://gerardnico.com/wiki/dat/obiee/start_11g]
  By,
  KK

• How can I add an admin user in Oracle Unified Directory (OUD) 11g r2?

  I'm using OUD 11G R2. I just installed OUD with the default setting and setup an instance.  I tried to add an admin user with the command:
      ./ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password --defaultAdd --filename admin.ldif
  Here is the content of admin.ldif
      dn: cn=oimuser,cn=Root DNs,cn=config
      objectClass: inetOrgPerson
      objectClass: person
      objectClass: top
      objectClass: ds-cfg-root-dn-user
      objectClass: organizationalPerson
      userPassword: Oracle123
      cn: oimuser
      sn: oimuser
      ds-cfg-alternate-bind-dn: cn=oimuser
      givenName: OIM User
      ds-privilege-name: -config-read
      ds-privilege-name: -config-write
      ds-privilege-name: -backend-backup
      ds-privilege-name: -backend-restore
      ds-privilege-name: -data-sync
      ds-privilege-name: -disconnect-client
      ds-privilege-name: -jmx-notify
      ds-privilege-name: -jmx-read
      ds-privilege-name: -jmx-write
      ds-privilege-name: -ldif-export
      ds-privilege-name: -ldif-import
      ds-privilege-name: -modify-acl
      ds-privilege-name: -privilege-change
      ds-privilege-name: -proxied-auth
      ds-privilege-name: -server-restart
      ds-privilege-name: -server-shutdown
      ds-privilege-name: -update-schema
      ds-privilege-name: -cancel-request
  I got the error as below:
  The provided entry cn=oimuser,cn=Root DNs,cn=config cannot be added because its suffix is not registered with the network group network-group
  Would you please advise how I can fix that? Thanks

  I got the reason. cn=config is an administrative suffix.
  In general, direct LDAP access to the administrative suffixes (using
  the ldap* utilities) is discouraged. In most cases, it is preferable
  to use the dedicated administrative command-line utilities to access
  these suffixes.
  If you must use the ldap* commands to access the administrative
  suffixes, you must use the administration connector port (with the
  --useSSL or -Z option).
  It works when I use the command:
      ./ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w Oracle123 --defaultAdd -Z --filename admin.ldif
  You can verify it by:
      ./ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL -b "cn=root DNs,cn=config" "cn=oimuser"