We are experiencing the following errors with weblogic after instrumenting with APM for JMX metrics. This happens with some PROD servers but not others.
Warning Message: JMX-46335 (https://docs.oracle.com/cd/E23943_01/core.1111/e10113/chapter_j2ee_jmx_messages.htm)
####<Apr 26, 2021 10:01:52,272 PM EDT> <Error> <oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor> <va10tlvdkr304> <Cache_Server07> <apm-jmx-client-pool-2:worker thread-1> <<anonymous>> <> <c1689b72-7d62-47e0-b0ee-e0d815a39b72-0000000e> <1619488912272> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <J2EE JMX-46335> <MBean attribute access denied.
MBean: com.oracle:name=customEmptyMapping,context=default,type=OVD.MappersConfig,OVD=MappersConfig
Getter for attribute AttributeRules
Detail: Access denied. Required roles: Admin, Operator, Monitor, Deployer, executing subject: principals=[]
java.lang.SecurityException: Access denied. Required roles: Admin, Operator, Monitor, Deployer, executing subject: principals=[]
at oracle.as.jmx.framework.wls.spi.security.WLSMBeanSecurityHelper.checkConfigMBeanDefaultAccess(WLSMBeanSecurityHelper.java:271)
at oracle.as.jmx.framework.wls.spi.security.WLSConfigMBeanSecurityInterceptor.checkDefaultAccess(WLSConfigMBeanSecurityInterceptor.java:63)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAccess(AbstractMBeanSecurityInterceptor.java:403)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.checkAttributeAccess(AbstractMBeanSecurityInterceptor.java:288)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalGetAttribute(AbstractMBeanSecurityInterceptor.java:128)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttribute(AbstractMBeanInterceptor.java:86)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$GetAttributeDelegator.delegate(JpsJmxInterceptor.java:634)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor$3.run(JpsJmxInterceptor.java:540)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.jpsInternalInvoke(JpsJmxInterceptor.java:558)
at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalGetAttribute(JpsJmxInterceptor.java:265)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttribute(AbstractMBeanInterceptor.java:86)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalGetAttribute(ContextClassLoaderMBeanInterceptor.java:63)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttribute(AbstractMBeanInterceptor.java:86)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalGetAttribute(MBeanRestartInterceptor.java:67)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doGetAttribute(AbstractMBeanInterceptor.java:86)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.getAttribute(OracleStandardEmitterMBean.java:631)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterConfigMBean.getAttribute(OracleStandardEmitterConfigMBean.java:558)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(DefaultMBeanServerInterceptor.java:647)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(JmxMBeanServer.java:678)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$17.run(WLSMBeanServerInterceptorBase.java:466)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:464)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.getAttribute(JMXContextInterceptor.java:157)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$17.run(WLSMBeanServerInterceptorBase.java:466)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:464)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.getAttribute(SecurityInterceptor.java:294)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$17.run(WLSMBeanServerInterceptorBase.java:466)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.getAttribute(WLSMBeanServerInterceptorBase.java:464)
at weblogic.management.mbeanservers.internal.MBeanCICInterceptor.getAttribute(MBeanCICInterceptor.java:142)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$17.run(WLSMBeanServerInterceptorBase.java:466)
Release : 20.2
Component : Integration with APM
Customer use whitelist to prevent the agent from monitoring the JMX metrics resulting in the error.
introscope.agent.remotejmx.system.s1.mbeanPatternsWhiteList=ThreadPoolRuntime*:*;JDBCDataSourceRuntime*:*;
JMSDestinationRuntime*:*;WorkManagerRuntime*:*;ExecuteQueueRuntime*:*;EJBCacheRuntime*:*;EJBLockingRuntime*:*;
EJBPoolRuntime*:*;EJBTransactionRuntime*:*;JMSRuntime*:*;JMSPooledConnectionRuntime*:*;
JMSDurableSubscriberRuntime*:*;JMSServerRuntime*:*;JMSConnectionRuntime*:*;TransactionNameRuntime*:*;
TransactionResourceRuntime*:*;JTARuntime*:*;metrics*:*
introscope.agent.remotejmx.system.s1.mbeanPatternsBlackList=