[OPENAM-13574] Scripting class whitelist is missing classes after upgrade from 13.5.2 to 5.5.2 - ForgeRock JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.2
Fix Version/s: 5.5.2
Component/s: scripting, upgrade
Labels:
- EDISON
- upgrade

Target Version/s:

5.5.2
Rank:
1|hzwq13:

Sprint:
AM Sustaining Sprint 55
Story Points:
2

Needs QA verification:

No
Functional tests:

Yes

Description

Bug description

TestScriptWithHttpClientSendMethod fails after upgrade from 13.5.2 to 5.5.2. Also ClaimsParameter test fails after upgrade with similar error. There are different whitelists for POLICY_CONDITION and for OIDC_CLAIMS. It is possible that all other whitelists are affected.

How to reproduce the issue

install OpenAM 13.5.2
Upgrade to AM 5.5.2-RC1
run functional test TestScriptWithHttpClientSendMethod

Expected behaviour

test succeeds

Current behaviour

test fails, there is error

org.json.JSONException: JSONObject["GET"] not found.
	at org.json.JSONObject.get(JSONObject.java:498)
	at com.forgerock.openam.functionaltest.scripting.TestScriptWithHttpClientSendMethod.<cuppa test>(TestScriptWithHttpClientSendMethod.java:70)

and also there is another error in OpenAM debug logs

org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:09/17/2018 09:21:45:532 AM UTC: Thread[http-bio-10.6.0.7-8080-exec-46,5,main]: TransactionId[d2cc4063-5c44-4b50-8c6a-b805968a5062-271330]
ERROR: Script terminated with exception
java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:143)
	at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:111)
	at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:156)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99)
	at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)
	at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:421)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:252)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:198)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:153)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.evaluateBatch(EntitlementEvaluatorFactory.java:58)
	at org.forgerock.openam.entitlement.rest.model.json.BatchPolicyRequest.dispatch(BatchPolicyRequest.java:46)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.routePolicyRequest(EntitlementEvaluatorFactory.java:71)
	at org.forgerock.openam.entitlement.rest.PolicyResource.actionCollection(PolicyResource.java:198)
	at org.forgerock.openam.entitlement.rest.PolicyResourceWithCopyMoveSupport.evaluate(PolicyResourceWithCopyMoveSupport.java:119)
	at sun.reflect.GeneratedMethodAccessor422.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:65)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:43)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:31)
	at org.forgerock.json.resource.AnnotatedCollectionHandler.handleAction(AnnotatedCollectionHandler.java:63)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.lambda$filterAction$0(AuthorizationFilters.java:225)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterAction(AuthorizationFilters.java:223)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:81)
	at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:52)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:66)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:129)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:712)
	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:618)
	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:282)
	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
	at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:62)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:259)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.convertException(RhinoScriptEngine.java:206)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:72)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:54)
	at org.forgerock.openam.scripting.StandardScriptEvaluator.evaluateScript(StandardScriptEvaluator.java:86)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator$ScriptExecutorTask.call(ThreadPoolScriptEvaluator.java:215)
	at org.forgerock.openam.audit.context.AuditRequestContextPropagatingCallable.call(AuditRequestContextPropagatingCallable.java:32)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	... 1 more
Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1)
	at org.mozilla.javascript.DefaultErrorReporter.runtimeError(DefaultErrorReporter.java:77)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:913)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:969)
	at org.mozilla.javascript.Context.reportRuntimeError1(Context.java:932)
	at org.mozilla.javascript.JavaMembers.<init>(JavaMembers.java:35)
	at org.mozilla.javascript.JavaMembers.lookupClass(JavaMembers.java:807)
	at org.mozilla.javascript.NativeJavaObject.initMembers(NativeJavaObject.java:54)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:44)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:34)
	at org.mozilla.javascript.WrapFactory.wrapAsJavaObject(WrapFactory.java:115)
	at org.mozilla.javascript.WrapFactory.wrap(WrapFactory.java:72)
	at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:236)
	at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
	at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
	at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
	at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
	at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
	at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
	at org.mozilla.javascript.Context.evaluateReader(Context.java:1110)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:69)
	... 8 more
Entitlement:09/17/2018 09:21:45:536 AM UTC: Thread[http-bio-10.6.0.7-8080-exec-46,5,main]: TransactionId[d2cc4063-5c44-4b50-8c6a-b805968a5062-271330]
ERROR: OpenSSOPrivilege.evaluate
com.sun.identity.entitlement.EntitlementException: Condition evaluation fails.
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:163)
	at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:111)
	at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:156)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99)
	at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)
	at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:421)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:252)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:198)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:153)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.evaluateBatch(EntitlementEvaluatorFactory.java:58)
	at org.forgerock.openam.entitlement.rest.model.json.BatchPolicyRequest.dispatch(BatchPolicyRequest.java:46)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.routePolicyRequest(EntitlementEvaluatorFactory.java:71)
	at org.forgerock.openam.entitlement.rest.PolicyResource.actionCollection(PolicyResource.java:198)
	at org.forgerock.openam.entitlement.rest.PolicyResourceWithCopyMoveSupport.evaluate(PolicyResourceWithCopyMoveSupport.java:119)
	at sun.reflect.GeneratedMethodAccessor422.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:65)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:43)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:31)
	at org.forgerock.json.resource.AnnotatedCollectionHandler.handleAction(AnnotatedCollectionHandler.java:63)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.lambda$filterAction$0(AuthorizationFilters.java:225)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterAction(AuthorizationFilters.java:223)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:81)
	at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:52)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:66)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:129)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:712)
	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:618)
	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:282)
	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
	at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:62)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:259)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.script.ScriptException: java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:90)
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:143)
	... 129 more
Caused by: java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	... 130 more
Caused by: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.convertException(RhinoScriptEngine.java:206)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:72)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:54)
	at org.forgerock.openam.scripting.StandardScriptEvaluator.evaluateScript(StandardScriptEvaluator.java:86)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator$ScriptExecutorTask.call(ThreadPoolScriptEvaluator.java:215)
	at org.forgerock.openam.audit.context.AuditRequestContextPropagatingCallable.call(AuditRequestContextPropagatingCallable.java:32)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	... 1 more
Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1)
	at org.mozilla.javascript.DefaultErrorReporter.runtimeError(DefaultErrorReporter.java:77)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:913)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:969)
	at org.mozilla.javascript.Context.reportRuntimeError1(Context.java:932)
	at org.mozilla.javascript.JavaMembers.<init>(JavaMembers.java:35)
	at org.mozilla.javascript.JavaMembers.lookupClass(JavaMembers.java:807)
	at org.mozilla.javascript.NativeJavaObject.initMembers(NativeJavaObject.java:54)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:44)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:34)
	at org.mozilla.javascript.WrapFactory.wrapAsJavaObject(WrapFactory.java:115)
	at org.mozilla.javascript.WrapFactory.wrap(WrapFactory.java:72)
	at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:236)
	at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
	at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
	at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
	at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
	at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
	at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
	at org.mozilla.javascript.Context.evaluateReader(Context.java:1110)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:69)
	... 8 more

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

diff.png
182 kB
17/Sep/18 12:43 PM

Issue Links

depends on

OPENAM-13053 ScriptingService doesn't add the new values to whitelist during upgrade

Resolved

Scripting class whitelist is missing classes after upgrade from 13.5.2 to 5.5.2

Details

Description

Bug description

How to reproduce the issue

Expected behaviour

Current behaviour

Attachments

Attachments

Issue Links

Activity

People

Dates