Policy import failed in delete_existing mode in OES 10g

Refer my previous posts on export and import the entire policy data here and application specific data here in OES 10g.

Today when I was importing the application specific exported policy XML using policyIX.sh command I got the errors in the command output as shown below.

$ ./policyIX.sh -import -disableTransaction ../config/policyIX_config.xml policies_oes.xml
Uploading file:/opt/oracle/bea/wls10_3/ales32-admin/bin/../config/policyIX_config.xml
Upload complete
Uploading file:/opt/oracle/bea/wls10_3/ales32-admin/bin/policies_oes.xml
Upload complete
Importing Application RootOrg!MahendraOrg!SampleOESApplication …
    Importing resources …
        Removing resource //resources/HomePage and all its dependencies
Policy Propagation is terminated
failed to create application RootOrg!MahendraOrg!SampleOESApplication for
 failed to create resource //resources/HomePage for
 Failed to remove child resource

The log file shows below errors.

2012-08-29 01:27:13,424 [JettySSLListener1-0] ERROR com.bea.security.blmws.tml.BlmResourceManager – ‘Node cannot be deleted because it is in production and its applicat
ion was unbound from engine.You may delete it by deleting its application
com.bea.security.psl.exception.PersistenceDBObjRefException: ‘Node cannot be deleted because it is in production and its application was unbound from engine.You may delete it by deleting its application

……….

……….

………..

2012-08-29 01:27:13,576 [Thread-36] ERROR com.ales.policypropagation.process.impl.EntitlementsWriter – failed to create resource //resources/HomePage f
or
 Failed to remove child resource
2012-08-29 01:27:13,577 [Thread-36] ERROR com.ales.policypropagation.process.impl.EntitlementsWriter – failed to create application RootOrg!MahendraOrg!SampleOESApplication for
 failed to create resource //resources/HomePage _INFO for
 Failed to remove child resource
2012-08-29 01:27:13,577 [Thread-36] ERROR com.ales.policypropagation.PolicyPropagation – failed to create application RootOrg!MahendraOrg!SampleOESApplication for
 failed to create resource //resources/HomePage for
 Failed to remove child resource
com.ales.policypropagation.common.PolicyPropagationException: failed to create application RootOrg!MahendraOrg!SampleOESApplication for
 failed to create resource //resources/HomePage for
 Failed to remove child resource

The policy configuration file policyIX_config.xml contains the policy_load_procedure flag set to delete_existing. The tag element is shown below.

<import_configuration>
<policy_load_procedure value=”override”/>
</import_configuration>

override – This will add policy to already existing policy
delete_existing – This will delete the policy being imported from destination before importing new policy

So as an alternative soultion I modified the flag to override and ran the policyIX.sh for import and it is succesful. However I could not find the root cause why it failed to remove resources and its child resources to create newly.

But my problem is resolved and that’s what matters 🙂

The sample output of policyIX.sh with policy_load_procedure flag set to override is shown below.

$ ./policyIX.sh -import -disableTransaction ../config/policyIX_config.xml policies_oes.xml
Uploading file:/opt/oracle/bea/wls10_3/ales32-admin/bin/../config/policyIX_config.xml
Upload complete
Uploading file:/opt/oracle/bea/wls10_3/ales32-admin/bin/policies_oes.xml
Upload complete
Importing Application RootOrg!MahendraOrg!SampleOESApplication …
Importing resources …
all resources finished
Importing action and action groups …
all action and action groups finished
Importing dynamic attributes …
all dynamic attributes finished
Importing roles …
all roles finished
Importing policies …
all policies finished
Importing admin roles for scope RootOrg!MahendraOrg!SampleOESApplication …
0/3 admin roles finished
0/3 admin roles finished
0/3 admin roles finished
all admin roles finished
Policy Propagation is finished
$

Just to update with another workaround found for the same issue is by deleting the roles and policies for the resources manually and then importing the XML again. Therefore the policy_load_procedure value can still remain as delete_existing.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment: