[OPENAM-16563] Script evaluation logs invalid warning
Created: 28/Jul/20
Updated: 29/Jul/20

Status: Open
Project: OpenAM
Component/s: debug logging, scripting
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Craig McDonnell
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: FRAAS
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Description

We're seeing some false-positive script evaluator warnings logged by AM in PaaS environments:

"Classname failed to match whitelist: 'org.forgerock.openam.auth.nodes.objAttrs'" 
"Classname failed to match whitelist: 'org.forgerock.guice.core.objAttrs'"

This occurs when evaluating the adminonboardingvalidate.javascript script:

var fr = new JavaImporter(
  org.forgerock.openam.auth.nodes,
  org.forgerock.guice.core
);

with (fr) {
  try {

    var realm = sharedState.get('realm');
    var username = sharedState.get('username');
    var identityProvider = InjectorHolder.getInstance(IdentityProvider);
    var identity = identityProvider.getIdentity(username, realm);
    var attrs = identity.getAttributes();
    
    if (!attrs.containsKey('fr-idm-inviteDate')) {
      throw new Error('Admin has no invite date');
    }

    if (attrs.containsKey('fr-idm-onboardDate')) {
      throw new Error('Admin has already been onboarded');
    }
    
    var objAttrs = { userName: username, mail: username };
    sharedState.put('objectAttributes', objAttrs);

    logger.message('AdminOnboarding: Validated admin during onboarding');
    outcome = 'true';

  } catch (e) {

    logger.error('AdminOnboarding: Failed to validate admin during onboarding');
    logger.error(e);
    outcome = 'false';

  }
}
