When we are executing custom jar file in apigee getting following exception,
Exception Occured :java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
Note:All variables and methods inside the class declared as public.
Answer by Dino-at-Google
·
Oct 22 at 02:30 AM
I've looked into this and it seems to me that now, Apigee prohibits the use of both Jackson or Gson for JSON parsing. That;s a shame. Both of those libraries use reflection, and if you try to use them, you get a stacktrace like this:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.apigee.securitypolicy.InternalSecurityManager.checkPermission(InternalSecurityManager.java:85) at java.lang.Class.checkMemberAccess(Class.java:2348) at java.lang.Class.getDeclaredConstructor(Class.java:2177) at com.google.gson.internal.ConstructorConstructor.newDefaultConstructor(ConstructorConstructor.java:101) at com.google.gson.internal.ConstructorConstructor.get(ConstructorConstructor.java:85) at com.google.gson.internal.bind.MapTypeAdapterFactory.create(MapTypeAdapterFactory.java:127) at com.google.gson.Gson.getAdapter(Gson.java:458) at com.google.gson.Gson.fromJson(Gson.java:931) at com.google.gson.Gson.fromJson(Gson.java:870) at com.google.apigee.edgecallouts.GsonTest.execute(GsonTest.java:37) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:204) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:271) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:269) at java.security.AccessController.doPrivileged(Native Method) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:269) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:138) at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:156) at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:74) at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:45) at com.apigee.threadpool.CallableWrapperForMDCPreservation.call(CallableWrapperForMDCPreservation.java:26) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
There is a workaround, which may work for some basic cases. Use the javax.json parser.
Here's a repo that shows how to do it.
Answer by Dino-at-Google
·
Jul 10, 2018 at 04:35 PM
Yes. You will need to examine the stack trace more closely. The exception may not refer to your class; it may refer to a different class. In fact the permission violation may be due to some logic in a 3rd-party class that your class uses. If the 3rd-party class uses reflection, or other prohibited Java operations, you will see a similar security exception.
Look closely at the stack trace. You may get a better clue.
We are only using following two maven dependency in java callout jar,
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
2.<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.2</version>
</dependency>
How to view full Exception log in apigee for java callout errors?
Your Java code needs to catch the exception, generate the stacktrace, and then store it into a context variable.
For example:
public ExecutionResult execute(MessageContext msgCtxt, ExecutionContext exeCtxt) { ExecutionResult calloutResult = ExecutionResult.ABORT; .. try { // do the thing calloutResult = ExecutionResult.SUCCESS; } catch (Exception e) { String stacktrace = ExceptionUtils.getStackTrace(e); msgCtxt.setVariable(varName("stacktrace"), stacktrace); String error = e.toString(); msgCtxt.setVariable(varName("exception"), error); } return calloutResult; }
Here is some working example code.
Hi Currently
I able to get Exception logs in my policy response.Following sample of code used for converting java object to JSON string using Gson external library jar(This external jar included my java callout jar).
import com.apigee.flow.execution.Action; import com.apigee.flow.execution.ExecutionContext; import com.apigee.flow.execution.ExecutionResult; import com.apigee.flow.execution.spi.Execution; import com.apigee.flow.message.MessageContext; import com.google.gson.Gson; import com.dnb.apigee.TestPOJO; import org.apache.commons.lang.exception.ExceptionUtils; public class MainClassTest implements Execution{ public ExecutionResult execute(MessageContext messageContext, ExecutionContext arg1) { try{ Gson gson = new Gson(); TestPOJO testPOJO = new TestPOJO(); testPOJO.setName("AAA"); testPOJO.setCompany("BBBB"); String finalValue= gson.toJson(testPOJO); messageContext.setVariable("Final Respopnse :" ,finalValue); }catch(RuntimeException ex){ ExecutionResult executionResult = new ExecutionResult(false, Action.ABORT); executionResult.setErrorResponse(ex.getMessage()); executionResult.addErrorResponseHeader("ExceptionClass", ex.getClass().getName()); messageContext.setVariable("JAVA_ERROR", ex.getMessage()); messageContext.setVariable("JAVA_STACKTRACE", ExceptionUtils.getStackTrace(ex)); return executionResult; } return ExecutionResult.SUCCESS; } }
I am not able to call external library jar methods getting the following exception,
java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.apigee.securitypolicy.InternalSecurityManager.checkPermission(InternalSecurityManager.java:84) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:128) at com.google.gson.internal.ConstructorConstructor.newDefaultConstructor(ConstructorConstructor.java:101) at com.google.gson.internal.ConstructorConstructor.get(ConstructorConstructor.java:83) at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory.create(ReflectiveTypeAdapterFactory.java:99) at com.google.gson.Gson.getDelegateAdapter(Gson.java:506) at com.google.gson.internal.bind.TreeTypeAdapter.delegate(TreeTypeAdapter.java:89) at com.google.gson.internal.bind.TreeTypeAdapter.write(TreeTypeAdapter.java:74) at com.google.gson.Gson.toJson(Gson.java:669) at com.google.gson.Gson.toJson(Gson.java:648) at com.google.gson.Gson.toJson(Gson.java:603) at com.google.gson.Gson.toJson(Gson.java:583) at com.dnb.apigee.MainClassTest.execute(MainClassTest.java:47) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:202) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:268) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:266) at java.security.AccessController.doPrivileged(Native Method) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:266) at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:138) at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:146) at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:74) at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:45) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
Java callouts are they supported on free version 2 Answers
How to use resource files for Javacallout 2 Answers
Is code written on Java 11 supported on cloud edge? 1 Answer
Run a polling job in Apigee? 3 Answers