Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11584

Ssoadm policy-import/export throws Guice error

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.1, 14.0.0, 14.1.0
    • Fix Version/s: 13.5.2, 14.1.2
    • Component/s: ssoadm
    • Labels:
    • Sprint:
      AM Sustaining Sprint 42
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      After fix for OPENAM-9749, policy-import no longer works.

      1. login to admin console
      2. on server instance's [Advanced] tab, add "ssoadm.disabled false" and click [Save] button
      3. access http://<host>:<port>/openam/ssoadm.jsp?cmd=policy-import

      Parameters:
      Name of realm*: /
      Server URL: http://<host>:<port>/openam
      Paste the contents of a valid JSON file export of policies. (There should be one in OPENAM-9749, however it doesn't need anything to generate the error).

      4-repro) you will see the following exception on the browser window (also reproducable with ssoadm):

      root cause
      
      org.apache.jasper.JasperException: An exception occurred processing JSP page /ssoadm.jsp at line 89
      
      86:                     "com.sun.identity.cli.AccessManager,com.sun.identity.federation.cli.FederationManager",
      87:                     "ssoadm",
      88:                     request.getContextPath() + "/ssoadm.jsp");
      89:             out.println(helper.getHTML(request, ssoToken));
      90:             Object[] param = {"0"};
      91:             out.println(MessageFormat.format(CLIConstants.JSP_EXIT_CODE_TAG, param));
      92: 
      
      
      Stacktrace:
      	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:568)
      	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:470)
      	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
      	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
      	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
      	org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)
      root cause
      
      com.google.inject.ConfigurationException: Guice configuration errors:
      
      1) Could not find a suitable constructor in org.forgerock.http.Client. Classes must have either one (and only one) constructor annotated with @Inject or a zero-argument constructor that is not private.
        at org.forgerock.http.Client.class(Unknown Source)
        while locating org.forgerock.http.Client
          for parameter 0 at org.forgerock.openam.cli.entitlement.PolicyImport.<init>(Unknown Source)
        while locating org.forgerock.openam.cli.entitlement.PolicyImport
      
      1 error
      	com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:1004)
      	com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:961)
      	com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013)
      	org.forgerock.guice.core.InjectorHolder.getInstance(InjectorHolder.java:72)
      	com.sun.identity.cli.SubCommand.execute(SubCommand.java:295)
      	com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
      	com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
      	com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:581)
      	com.sun.identity.cli.WebCLIHelper.processRequest(WebCLIHelper.java:151)
      	com.sun.identity.cli.WebCLIHelper.getHTML(WebCLIHelper.java:92)
      	org.apache.jsp.ssoadm_jsp._jspService(ssoadm_jsp.java:228)
      	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
      	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
      	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
      	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
      	org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)
      

      Also reproducable via ssoadm CLI:

      ~/ssoadm/openam/bin/ssoadm policy-import --realm / --servername "http://am5.example.com:8080/openam" --jsonfile mypolicy.json --adminid amadmin --password-file ~/pw.txt
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                jeremy.cocks Jeremy Cocks
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: