Java Callout Error : java.util.logging.LoggingPermission

Hi

I am trying to integrate with Braintree. For that I am using a Java Callout. Apigee is giving an error during execution. In the code we are not using logging.

APIGEE "access denied ("java.util.logging.LoggingPermission" "control")"

Java Callout Code :

    public ExecutionResult execute(MessageContext messageContext, ExecutionContext executionContext) {
        try {
            // .......
            BraintreeGateway gateway = new BraintreeGateway(braintreeEnvironment, braintreeMerchantid, braintreePublicKey, braintreePrivateKey);
            Transaction transaction = gateway.transaction().find(transactionId);

            messageContext.setVariable(Constants.VAR_RESPONSE, transaction);
            return ExecutionResult.SUCCESS;
        } catch (Exception e) {
            String errorString = e.getClass().getName() + ": " + e.getMessage();
            messageContext.setVariable(Constants.VAR_ERROR, errorString);
            return ExecutionResult.ABORT;
        }
    }

 

Regards

Rohit

ACCEPTED SOLUTION

It sounds like you're using a Braintree JAR to connect from that Java callout, into the Braintree system.  The Braintree JAR likely is the thing doing the logging via the java.util.logging classes. That isn't permitted by the Java callout permissions.  In fact the Apigee gateway is sort of a minimalistic app server, which can host your logic, but there are limitations, including these permission issues you're seeing. 

So what can you do?

  • If you want to use the Braintree JAR, then host it externally. A good way to do that is to run it in a Cloud Run instance, and connect from the Apigee gateway into the Cloud Run instance via ExternalCallout. This ExternalCallout thing will work well if you have Apigee X, but it does not work with Apigee Edge. For Apigee Edge you would need to use a ServiceCallout. In either case, this approach does require that you manage the externally hosted logic.
  • If you are open to it, integrate to the Braintree API directly. The documentation page even encourages this: "Skip the server SDK and integrate directly with our next-generation API."  Braintree offers a GraphQL API, which is, of course, easy to connect to from within an Apigee proxy, either as a target, or via ServiceCallout.  The only tricky part, as always, is the authentication.  But that is documented too, in the Braintree docs. 

Either of those should work. 
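The permission check behind the error in the question can be reproduced on a local JVM. The following is an added example, not code from this thread, Apigee or Braintree: it shows that writing a log record needs no permission, while reconfiguring a named logger requires LoggingPermission("control"). It assumes a Java 8 to 17 runtime (later JDKs refuse System.setSecurityManager), and the logger name thirdparty.sdk is a hypothetical stand-in for a library's logger.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration (not from the thread): which java.util.logging calls
// need LoggingPermission("control") when the calling code does not hold it.
public class LoggingPermissionDemo {

    // Runs one logging operation and reports whether the sandbox allowed it.
    static String attempt(Logger log, String op) {
        try {
            switch (op) {
                case "info":       log.info("hello from the sandbox"); break;
                case "setLevel":   log.setLevel(Level.FINE); break;
                case "addHandler": log.addHandler(new ConsoleHandler()); break;
                default:           log.setUseParentHandlers(false);
            }
            return op + ": allowed";
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException; its message names
            // the permission that the calling code was missing.
            return op + ": DENIED - " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Hypothetical logger name standing in for a third-party library's logger.
        Logger log = Logger.getLogger("thirdparty.sdk");

        // With the default policy, application code holds no LoggingPermission,
        // which is the situation the error message in the question describes.
        System.setSecurityManager(new SecurityManager());

        // Emitting a record is an ordinary operation with no permission check.
        System.out.println(attempt(log, "info"));
        // The remaining calls change logger configuration; each one is a
        // "control" operation and is checked against the caller's permissions.
        System.out.println(attempt(log, "setLevel"));
        System.out.println(attempt(log, "addHandler"));
        System.out.println(attempt(log, "setUseParentHandlers"));
    }
}
```

Running the same kind of check against a candidate JAR before deploying it in a callout shows whether the library configures loggers during initialization, which application code cannot prevent from the outside.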

 


6 REPLIES


 

Hi,

Thanks for your response. We cannot host Braintree as a separate Cloud Run instance, and GraphQL is not our expertise. Could you help with how we can resolve it using a Java Callout? What can we do to overcome this permission issue? I believe there is a permission reference document: https://docs.apigee.com/api-platform/reference/java-permission-reference. But I am not sure of the steps. Please help.

Regards

Rohit

Which Apigee flavour are you using? Edge, OPDK, X, or Hybrid?

You can change Java Security permissions for OPDK or Hybrid.

Hi yuriyl,

We are using Apigee Edge and wanted to use a Java callout for Braintree integration. Please suggest a workaround to avoid the java.util.logging.LoggingPermission permission issue.

Regards

Rohit

You cannot change the Java callout permissions on Apigee Edge. 

My two suggestions above are the best ideas I have for connecting in to Braintree from Apigee Edge.

Hi dchiesa1,

Thanks for your response. Due to an approved security reason, we cannot host Braintree separately. So our only option is to call Braintree inside APIGEE. That is our challenge.

Appreciate your suggestions! Is there any workaround you have in mind?

Regards

Rohit