This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Java call out access denied "org.apache.xml.security.register"

Posted on 06-10-2017 02:33 PM
Not applicable
Reply posted on --/--/---- --:-- AM

I am trying to encrypt a XML payload before sending it to service via REST.

The third party library I'm using for this purpose is Apache Santuario.

It's giving me the specified error message in java call out. I think it's a permission issue in apigee JVM. But can't resolve.

I'm using an enterprise account for doing this.

Thanks in advance.

@Dino can u help here please?

2 7 593
Topic Labels
7 REPLIES 7

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Please share the error.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @SOURAV DAS , How did you upload your jar? you can upload your thirdparty jar in the below 3 ways
Using the resources API (recommended)
Bundle with the javacallout
Put it in the /opt/apigee/edge-gateway/lib/thirdparty (If you are on private-cloud)

There is a security.policy in the MP conf but if you had followed the above ways, it should work.
If you want to change the permissions you can update them using the CWC tokens.


Can you confirm?

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
Reply posted on --/--/---- --:-- AM

Hi @SOURAV DAS

Assuming you are using our public cloud enterprise account (and not trial), would be useful if you can give more info:

  1. How did you upload the jar ? Is it packaged within the proxy as Resource files?
  2. Have you added the Java callout policies in your proxy that depends on this 3rd party jar ?
  3. Can you confirm if this jar does not need other jars to perform its functions ?
  4. Have you tried to run your java method as a standalone program to see if it works as expected ?

Lastly (but surely not the least 🙂 ) - what is the error you are getting when you call the proxy ??

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

Hi @Sai Saran Vaidyanathan,

Thanks for you reply. Please find below the ans w.r.t. to your questions,

1. I had a dummy API proxy with no Back End. And uploaded the JAR in resources.

2. I have added the Java Callout Policy in the API Proxy. The dependent JARs are also added in resources sectiont.

3. I checked and confirm that the the dependency JARs are also present.

4. Yes, I have tried running the application as standalone and it is working as expected. Moreover, this same API Proxy when deployed in Private Cloud no issues happen, I am getting response, but when deployed in public cloud enterprise account I am getting the error.

Please let me know if you need any further information on this.

Thanks,

Sourav

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

@SOURAV DAS, If it is on cloud and you are using enterprise account and not trial, I think you should raise a support ticket.

0 Likes

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

@SOURAV DAS this error is expected. Apigee has blocked certain Java packages from executing in the Java callout.

@Maruti Chand's option is the way to go.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi Guys,

Thanks a lot for your support. @Srinandan Sridhar, your answer gave the idea to look where for the answer to this. I think I have found a Solution.

The Santuario package was using some Java packages (java.security.SecurityManager instance), which I believe was disabled by Apigee. I found a patched version of the library which has this check disabled in it. I replaced the library with the patched one and it worked as expected.

https://mvnrepository.com/artifact/org.apache.santuario/xmlsec/534045-patched

Thanks,

Sourav

0 Likes