Java Callout Security Exception
When we are executing custom jar file in apigee getting following exception,
Exception Occured :java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
Note:All variables and methods inside the class declared as public.
Answer by Dino-at-Google
·
Jul 10, 2018 at 04:35 PM
Yes. You will need to examine the stack trace more closely. The exception may not refer to your class; it may refer to a different class. In fact the permission violation may be due to some logic in a 3rd-party class that your class uses. If the 3rd-party class uses reflection, or other prohibited Java operations, you will see a similar security exception.
Look closely at the stack trace. You may get a better clue.
We are only using following two maven dependency in java callout jar,
- <dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
2.<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.2</version>
</dependency>
How to view full Exception log in apigee for java callout errors?
Your Java code needs to catch the exception, generate the stacktrace, and then store it into a context variable.
For example:
public ExecutionResult execute(MessageContext msgCtxt, ExecutionContext exeCtxt) {
ExecutionResult calloutResult = ExecutionResult.ABORT;
..
try {
// do the thing
calloutResult = ExecutionResult.SUCCESS;
}
catch (Exception e) {
String stacktrace = ExceptionUtils.getStackTrace(e);
msgCtxt.setVariable(varName("stacktrace"), stacktrace);
String error = e.toString();
msgCtxt.setVariable(varName("exception"), error);
}
return calloutResult;
}
Here is some working example code.
Hi Currently
I able to get Exception logs in my policy response.Following sample of code used for converting java object to JSON string using Gson external library jar(This external jar included my java callout jar).
import com.apigee.flow.execution.Action;
import com.apigee.flow.execution.ExecutionContext;
import com.apigee.flow.execution.ExecutionResult;
import com.apigee.flow.execution.spi.Execution;
import com.apigee.flow.message.MessageContext;
import com.google.gson.Gson;
import com.dnb.apigee.TestPOJO;
import org.apache.commons.lang.exception.ExceptionUtils;
public class MainClassTest implements Execution{
public ExecutionResult execute(MessageContext messageContext, ExecutionContext arg1) {
try{
Gson gson = new Gson();
TestPOJO testPOJO = new TestPOJO();
testPOJO.setName("AAA");
testPOJO.setCompany("BBBB");
String finalValue= gson.toJson(testPOJO);
messageContext.setVariable("Final Respopnse :" ,finalValue);
}catch(RuntimeException ex){
ExecutionResult executionResult = new ExecutionResult(false, Action.ABORT);
executionResult.setErrorResponse(ex.getMessage());
executionResult.addErrorResponseHeader("ExceptionClass", ex.getClass().getName());
messageContext.setVariable("JAVA_ERROR", ex.getMessage());
messageContext.setVariable("JAVA_STACKTRACE", ExceptionUtils.getStackTrace(ex));
return executionResult;
}
return ExecutionResult.SUCCESS;
}
}
I am not able to call external library jar methods getting the following exception,
java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at
java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at
com.apigee.securitypolicy.InternalSecurityManager.checkPermission(InternalSecurityManager.java:84) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:128) at
com.google.gson.internal.ConstructorConstructor.newDefaultConstructor(ConstructorConstructor.java:101) at com.google.gson.internal.ConstructorConstructor.get(ConstructorConstructor.java:83) at
com.google.gson.internal.bind.ReflectiveTypeAdapterFactory.create(ReflectiveTypeAdapterFactory.java:99) at com.google.gson.Gson.getDelegateAdapter(Gson.java:506) at
com.google.gson.internal.bind.TreeTypeAdapter.delegate(TreeTypeAdapter.java:89) at com.google.gson.internal.bind.TreeTypeAdapter.write(TreeTypeAdapter.java:74) at com.google.gson.Gson.toJson(Gson.java:669) at
com.google.gson.Gson.toJson(Gson.java:648) at com.google.gson.Gson.toJson(Gson.java:603) at com.google.gson.Gson.toJson(Gson.java:583) at com.dnb.apigee.MainClassTest.execute(MainClassTest.java:47) at
com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:202) at
com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:268) at
com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:266) at java.security.AccessController.doPrivileged(Native Method) at
com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:266) at
com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:138) at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:146) at
com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:74) at
com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:45) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
