Access to Java class “byte” is prohibited.

This topic has 7 replies, 3 voices, and was last updated 3 weeks, 1 day ago by Jatinder Singh (AcceptingNewProjects).

  • Author
    Posts
  • #28230
     BillMair
    Participant

    In a groovy Script (OAth2 Access Token Modification), I’m trying to set a Authorization Header with the “Basic” scheme, like this:

    import org.forgerock.util.encode.Base64
    ....
    request.headers.add("Authorization", "Basic " + Base64.encode("user:test".bytes) )

    And getting the following exception:

    org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:08/27/2020 02:07:37:140 PM CEST: Thread[http-bio-127.0.0.1-8080-exec-9394,5,main]: TransactionId[94db24b1-cd74-4a4c-8d8d-475af25ccab0-387545]
    ERROR: Script terminated with exception
    java.util.concurrent.ExecutionException: javax.script.ScriptException: javax.script.ScriptException: java.lang.SecurityException: Access to Java class "byte" is prohibited.
    ...

    I looked in the “Java class whitelist” and java.lang.Byte was there, I even added java.lang.Byte.TYPE to no avail.

    Product & Version: ForgeRock Access Management 6.5.2.2

    #28231

    Primitive types like byte doesn’t (or shouldn’t) need to be whitelisted. I tried reproducing this in v6.5.2.3 and was able to reproduce. However, it’s not a problem in v7 and works as intended. I don’t have an immediate answer but this may be a problem with the underlying Groovy Sandbox.

    #28232
     Scott Heger
    Participant

    Probably related to https://bugster.forgerock.org/jira/browse/OPENAM-16271 which would explain why it works in v7.

    #28233

    I forgot to link these bugs. Your issue might be related to the below JIRA bugs:

    https://bugster.forgerock.org/jira/browse/OPENAM-16271
    https://bugster.forgerock.org/jira/browse/OPENAM-4347

    So, the issue seem to have been resolved in v6.5.3+. If upgrading is not an answer in your scenario, you may want to open a ticket and see if a patch can be provided.

    Cheers,
    Jatinder

    #28234
     Scott Heger
    Participant

    lol

    #28236
    #28238
     BillMair
    Participant

    Adding byte to the whitelist solved it.

    #28249

    +1. Thanks for sharing.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?