[OPENAM-13574] Scripting class whitelist is missing classes after upgrade from 13.5.2 to 5.5.2 Created: 17/Sep/18  Updated: 25/Jul/19  Resolved: 25/Sep/18

Status: Closed
Project: OpenAM
Component/s: scripting, upgrade
Affects Version/s: 5.5.2
Fix Version/s: 5.5.2

Type: Bug Priority: Major
Reporter: Ľubomír Mlích Assignee: Adam Heath
Resolution: Fixed Votes: 0
Labels: EDISON, upgrade
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File diff.png    
Issue Links:
Depends
depends on OPENAM-13053 ScriptingService doesn't add the new ... Resolved
Target Version/s:
Sprint: AM Sustaining Sprint 55
Story Points: 2
Needs QA verification:
No
Functional tests:
Yes

 Description   

Bug description

TestScriptWithHttpClientSendMethod fails after upgrade from 13.5.2 to 5.5.2. Also ClaimsParameter test fails after upgrade with similar error. There are different whitelists for POLICY_CONDITION and for OIDC_CLAIMS. It is possible that all other whitelists are affected.

How to reproduce the issue

  1. install OpenAM 13.5.2
  2. Upgrade to AM 5.5.2-RC1
  3. run functional test TestScriptWithHttpClientSendMethod
Expected behaviour

test succeeds

Current behaviour

test fails, there is error

org.json.JSONException: JSONObject["GET"] not found.
	at org.json.JSONObject.get(JSONObject.java:498)
	at com.forgerock.openam.functionaltest.scripting.TestScriptWithHttpClientSendMethod.<cuppa test>(TestScriptWithHttpClientSendMethod.java:70)

and also there is another error in OpenAM debug logs

org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:09/17/2018 09:21:45:532 AM UTC: Thread[http-bio-10.6.0.7-8080-exec-46,5,main]: TransactionId[d2cc4063-5c44-4b50-8c6a-b805968a5062-271330]
ERROR: Script terminated with exception
java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:143)
	at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:111)
	at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:156)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99)
	at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)
	at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:421)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:252)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:198)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:153)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.evaluateBatch(EntitlementEvaluatorFactory.java:58)
	at org.forgerock.openam.entitlement.rest.model.json.BatchPolicyRequest.dispatch(BatchPolicyRequest.java:46)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.routePolicyRequest(EntitlementEvaluatorFactory.java:71)
	at org.forgerock.openam.entitlement.rest.PolicyResource.actionCollection(PolicyResource.java:198)
	at org.forgerock.openam.entitlement.rest.PolicyResourceWithCopyMoveSupport.evaluate(PolicyResourceWithCopyMoveSupport.java:119)
	at sun.reflect.GeneratedMethodAccessor422.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:65)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:43)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:31)
	at org.forgerock.json.resource.AnnotatedCollectionHandler.handleAction(AnnotatedCollectionHandler.java:63)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.lambda$filterAction$0(AuthorizationFilters.java:225)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterAction(AuthorizationFilters.java:223)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:81)
	at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:52)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:66)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:129)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:712)
	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:618)
	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:282)
	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
	at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:62)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:259)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.convertException(RhinoScriptEngine.java:206)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:72)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:54)
	at org.forgerock.openam.scripting.StandardScriptEvaluator.evaluateScript(StandardScriptEvaluator.java:86)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator$ScriptExecutorTask.call(ThreadPoolScriptEvaluator.java:215)
	at org.forgerock.openam.audit.context.AuditRequestContextPropagatingCallable.call(AuditRequestContextPropagatingCallable.java:32)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	... 1 more
Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1)
	at org.mozilla.javascript.DefaultErrorReporter.runtimeError(DefaultErrorReporter.java:77)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:913)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:969)
	at org.mozilla.javascript.Context.reportRuntimeError1(Context.java:932)
	at org.mozilla.javascript.JavaMembers.<init>(JavaMembers.java:35)
	at org.mozilla.javascript.JavaMembers.lookupClass(JavaMembers.java:807)
	at org.mozilla.javascript.NativeJavaObject.initMembers(NativeJavaObject.java:54)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:44)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:34)
	at org.mozilla.javascript.WrapFactory.wrapAsJavaObject(WrapFactory.java:115)
	at org.mozilla.javascript.WrapFactory.wrap(WrapFactory.java:72)
	at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:236)
	at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
	at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
	at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
	at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
	at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
	at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
	at org.mozilla.javascript.Context.evaluateReader(Context.java:1110)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:69)
	... 8 more
Entitlement:09/17/2018 09:21:45:536 AM UTC: Thread[http-bio-10.6.0.7-8080-exec-46,5,main]: TransactionId[d2cc4063-5c44-4b50-8c6a-b805968a5062-271330]
ERROR: OpenSSOPrivilege.evaluate
com.sun.identity.entitlement.EntitlementException: Condition evaluation fails.
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:163)
	at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:111)
	at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:156)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99)
	at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81)
	at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)
	at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:421)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
	at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:252)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:198)
	at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:153)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.evaluateBatch(EntitlementEvaluatorFactory.java:58)
	at org.forgerock.openam.entitlement.rest.model.json.BatchPolicyRequest.dispatch(BatchPolicyRequest.java:46)
	at org.forgerock.openam.entitlement.rest.EntitlementEvaluatorFactory$EntitlementEvaluatorWrapper.routePolicyRequest(EntitlementEvaluatorFactory.java:71)
	at org.forgerock.openam.entitlement.rest.PolicyResource.actionCollection(PolicyResource.java:198)
	at org.forgerock.openam.entitlement.rest.PolicyResourceWithCopyMoveSupport.evaluate(PolicyResourceWithCopyMoveSupport.java:119)
	at sun.reflect.GeneratedMethodAccessor422.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
	at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:65)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:43)
	at org.forgerock.json.resource.AnnotatedActionMethods.invoke(AnnotatedActionMethods.java:31)
	at org.forgerock.json.resource.AnnotatedCollectionHandler.handleAction(AnnotatedCollectionHandler.java:63)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.lambda$filterAction$0(AuthorizationFilters.java:225)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
	at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterAction(AuthorizationFilters.java:223)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:81)
	at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:52)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:66)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:129)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.Router.handleAction(Router.java:250)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
	at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:49)
	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:222)
	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:712)
	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:618)
	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:282)
	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
	at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
	at org.forgerock.http.routing.Router.handle(Router.java:100)
	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:62)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:259)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.script.ScriptException: java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:90)
	at org.forgerock.openam.entitlement.conditions.environment.ScriptCondition.evaluate(ScriptCondition.java:143)
	... 129 more
Caused by: java.util.concurrent.ExecutionException: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	... 130 more
Caused by: javax.script.ScriptException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1) in <Unknown source> at line number 1 at column number 0
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.convertException(RhinoScriptEngine.java:206)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:72)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:54)
	at org.forgerock.openam.scripting.StandardScriptEvaluator.evaluateScript(StandardScriptEvaluator.java:86)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator$ScriptExecutorTask.call(ThreadPoolScriptEvaluator.java:215)
	at org.forgerock.openam.audit.context.AuditRequestContextPropagatingCallable.call(AuditRequestContextPropagatingCallable.java:32)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	... 1 more
Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "org.forgerock.util.promise.PromiseImpl" is prohibited. (<Unknown source>#1)
	at org.mozilla.javascript.DefaultErrorReporter.runtimeError(DefaultErrorReporter.java:77)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:913)
	at org.mozilla.javascript.Context.reportRuntimeError(Context.java:969)
	at org.mozilla.javascript.Context.reportRuntimeError1(Context.java:932)
	at org.mozilla.javascript.JavaMembers.<init>(JavaMembers.java:35)
	at org.mozilla.javascript.JavaMembers.lookupClass(JavaMembers.java:807)
	at org.mozilla.javascript.NativeJavaObject.initMembers(NativeJavaObject.java:54)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:44)
	at org.mozilla.javascript.NativeJavaObject.<init>(NativeJavaObject.java:34)
	at org.mozilla.javascript.WrapFactory.wrapAsJavaObject(WrapFactory.java:115)
	at org.mozilla.javascript.WrapFactory.wrap(WrapFactory.java:72)
	at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:236)
	at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
	at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
	at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
	at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
	at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
	at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
	at org.mozilla.javascript.Context.evaluateReader(Context.java:1110)
	at org.forgerock.openam.scripting.factories.RhinoScriptEngine.eval(RhinoScriptEngine.java:69)
	... 8 more


 Comments   
Comment by Peter Major [X] (Inactive) [ 17/Sep/18 ]

Duplicate of AME-16033? Or does that mean that AME-16033 wasn't correctly backported?

Comment by James Phillpotts [ 17/Sep/18 ]

Looks like a regression, as that issue was previously reported to be working: https://stash.forgerock.org/projects/OPENAM/repos/openam/pull-requests/5621/overview?commentId=428266

Comment by Ľubomír Mlích [ 17/Sep/18 ]

When I check
Configure -> Global Services -> Scripting -> Secondary Configuration -> POLICY_CONDITION -> Secondary Configurations -> EngineConfiguration
and compare them on both machines, I can see that class reported in debug message is on 5.5.2-RC1 and is not on 5.5.2-RC1 upgraded from 13.5.2. Please see diff.png

Comment by Adam Heath [ 24/Sep/18 ]

Looks like it could potentially be related to https://bugster.forgerock.org/jira/browse/OPENAM-13053 and a backport of at least some of those changes should be made to sustaining/5.5.x

Generated at Fri Nov 27 16:45:59 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.