[OPENAM-11584] Ssoadm policy-import/export throws Guice error Created: 18/Aug/17  Updated: 27/Dec/17  Resolved: 30/Aug/17

Status: Resolved
Project: OpenAM
Component/s: ssoadm
Affects Version/s: 13.5.1, 14.0.0, 14.1.0
Fix Version/s: 13.5.2, 14.1.2

Type: Bug Priority: Major
Reporter: Jeremy Cocks Assignee: Mark de Reeper
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by OPENAM-10049 Cannot create circle of trust with ss... Closed
Regression
is caused by OPENAM-10125 LogWriter.<clinit> throws Guice error Resolved
Target Version/s:
Sprint: AM Sustaining Sprint 42
Story Points: 3
Needs backport:
No
Support Ticket IDs:
Verified Version/s:
Needs QA verification:
Yes
Functional tests:
No
Are the reproduction steps defined?:
Yes and I used the same an in the description

 Description   

After fix for OPENAM-9749, policy-import no longer works.

1. login to admin console
2. on server instance's [Advanced] tab, add "ssoadm.disabled false" and click [Save] button
3. access http://<host>:<port>/openam/ssoadm.jsp?cmd=policy-import

Parameters:
Name of realm*: /
Server URL: http://<host>:<port>/openam
Paste the contents of a valid JSON file export of policies. (There should be one in OPENAM-9749, however it doesn't need anything to generate the error).

4-repro) you will see the following exception on the browser window (also reproducable with ssoadm):

root cause

org.apache.jasper.JasperException: An exception occurred processing JSP page /ssoadm.jsp at line 89

86:                     "com.sun.identity.cli.AccessManager,com.sun.identity.federation.cli.FederationManager",
87:                     "ssoadm",
88:                     request.getContextPath() + "/ssoadm.jsp");
89:             out.println(helper.getHTML(request, ssoToken));
90:             Object[] param = {"0"};
91:             out.println(MessageFormat.format(CLIConstants.JSP_EXIT_CODE_TAG, param));
92: 


Stacktrace:
	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:568)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:470)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
	org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)
root cause

com.google.inject.ConfigurationException: Guice configuration errors:

1) Could not find a suitable constructor in org.forgerock.http.Client. Classes must have either one (and only one) constructor annotated with @Inject or a zero-argument constructor that is not private.
  at org.forgerock.http.Client.class(Unknown Source)
  while locating org.forgerock.http.Client
    for parameter 0 at org.forgerock.openam.cli.entitlement.PolicyImport.<init>(Unknown Source)
  while locating org.forgerock.openam.cli.entitlement.PolicyImport

1 error
	com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:1004)
	com.google.inject.internal.InjectorImpl.getProvider(InjectorImpl.java:961)
	com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013)
	org.forgerock.guice.core.InjectorHolder.getInstance(InjectorHolder.java:72)
	com.sun.identity.cli.SubCommand.execute(SubCommand.java:295)
	com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
	com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
	com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:581)
	com.sun.identity.cli.WebCLIHelper.processRequest(WebCLIHelper.java:151)
	com.sun.identity.cli.WebCLIHelper.getHTML(WebCLIHelper.java:92)
	org.apache.jsp.ssoadm_jsp._jspService(ssoadm_jsp.java:228)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
	org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)

Also reproducable via ssoadm CLI:

~/ssoadm/openam/bin/ssoadm policy-import --realm / --servername "http://am5.example.com:8080/openam" --jsonfile mypolicy.json --adminid amadmin --password-file ~/pw.txt


 Comments   
Comment by Mark de Reeper [ 24/Aug/17 ]

Looking into issue, I think it was triggered by the change in OPENAM-10125 to fix the LogWriter guice error.

Comment by Mark de Reeper [ 24/Aug/17 ]

This bug also impacts the policy-export sub-command of ssoadm in the same way.

Comment by Ľubomír Mlích [ 06/Sep/17 ]

Reproduced in OpenAM 13.5.1 Build 15db0458c8 (2017-July-21 10:54) 

Verified in OpenAM 13.5.2-M5 Build 5266382344 (2017-September-01 14:43)

Comment by Ľubomír Mlích [ 06/Nov/17 ]

Can't verify in 14.1.2 until OPENAM-11056 is fixed there.

Generated at Thu Sep 24 14:18:43 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.