August 27, 2020 at 3:29 pm #28230 BillMair Participant
In a Groovy script (OAuth2 Access Token Modification), I’m trying to set an Authorization header with the “Basic” scheme, like this:

    import org.forgerock.util.encode.Base64
    ....
    request.headers.add("Authorization", "Basic " + Base64.encode("user:test".bytes))

And getting the following exception:
org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:08/27/2020 02:07:37:140 PM CEST: Thread[http-bio-127.0.0.1-8080-exec-9394,5,main]: TransactionId[94db24b1-cd74-4a4c-8d8d-475af25ccab0-387545] ERROR: Script terminated with exception java.util.concurrent.ExecutionException: javax.script.ScriptException: javax.script.ScriptException: java.lang.SecurityException: Access to Java class "byte" is prohibited. ...
I looked in the “Java class whitelist” and java.lang.Byte was there, I even added java.lang.Byte.TYPE to no avail.
Product & Version: ForgeRock Access Management 184.108.40.206
August 27, 2020 at 10:21 pm #28231
Primitive types like byte don’t (or shouldn’t) need to be whitelisted. I tried reproducing this in v220.127.116.11 and was able to reproduce. However, it’s not a problem in v7 and works as intended. I don’t have an immediate answer but this may be a problem with the underlying Groovy Sandbox.
August 27, 2020 at 10:29 pm #28232 Scott Heger Participant
Probably related to https://bugster.forgerock.org/jira/browse/OPENAM-16271 which would explain why it works in v7.
August 27, 2020 at 10:29 pm #28233
I forgot to link these bugs. Your issue might be related to the below JIRA bugs:
So, the issue seems to have been resolved in v6.5.3+. If upgrading is not an answer in your scenario, you may want to open a ticket and see if a patch can be provided.
August 27, 2020 at 10:30 pm #28234 Scott Heger Participant
- This reply was modified 3 weeks, 6 days ago by Jatinder Singh (AcceptingNewProjects).
lol
August 27, 2020 at 10:34 pm #28236
August 31, 2020 at 3:42 pm #28238 BillMair Participant
byte to the whitelist solved it.
September 1, 2020 at 10:49 pm #28249
+1. Thanks for sharing.
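
The resolution reported in this thread, as an added example that is not part of any post and is not ForgeRock's code: a Groovy model of a name-based class allowlist, showing why an entry for java.lang.Byte (or the string java.lang.Byte.TYPE) does not cover the primitive class whose name is byte. The isAllowed helper, the exact-name matching and the allowlist contents are assumptions for illustration; the sandbox's real matching logic is not shown on this page.

```groovy
// Added example. Hypothetical model of a class-name allowlist; the matching
// rule (exact class-name equality) is an assumption, not AM's implementation.

// Constructed allowlist resembling the one described in the first post.
def allowlist = [
    'java.lang.Byte',                      // wrapper class, already present
    'java.lang.Byte.TYPE',                 // what the poster tried adding
    'java.lang.String',
    'org.forgerock.util.encode.Base64',
]

// Hypothetical check: a class passes only if its runtime name is listed.
def isAllowed = { Class c, List<String> entries ->
    entries.contains(c.getName())
}

// The value the script passes to Base64.encode(): a byte[].
def payload = 'user:test'.bytes

// Classes reachable from that value, plus the wrapper for comparison.
def candidates = [
    'array class'     : payload.getClass(),
    'component type'  : payload.getClass().getComponentType(),
    'Byte.TYPE'       : Byte.TYPE,
    'wrapper Byte'    : Byte,
]

candidates.each { label, c ->
    println "${label.padRight(15)} name=${c.getName().padRight(15)} " +
            "primitive=${c.isPrimitive()} allowed=${isAllowed(c, allowlist)}"
}

// Byte.TYPE is a field holding the primitive class; that class is named
// "byte", so neither of the two Byte-related entries above matches it.
assert payload.getClass().getComponentType() == Byte.TYPE
assert Byte.TYPE.getName() == 'byte'
assert isAllowed(Byte, allowlist)
assert !isAllowed(Byte.TYPE, allowlist)

// The fix reported in the thread: list the primitive's own name.
assert isAllowed(Byte.TYPE, allowlist + 'byte')
```

When auditing a script allowlist, compare entries against the runtime class names the script actually touches (as printed above) rather than against Java source expressions such as java.lang.Byte.TYPE.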