Differences
This shows you the differences between two versions of the page.
| Last revision Both sides next revision | |||
|
faq:scripts:the_application_still_reports_an_error_groovy_script_did_not_pass_safety_check_even_though_the_script_has_permissions [2017/06/12 10:57] tsunami created |
faq:scripts:the_application_still_reports_an_error_groovy_script_did_not_pass_safety_check_even_though_the_script_has_permissions [2019/06/12 12:04] doischert |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== The application still reports an error: " | ||
| + | It is possible that you are returning this class to another script. Check your application' | ||
| + | |||
| + | An example of a specific use-case: | ||
| + | |||
| + | A script looks like this: | ||
| + | < | ||
| + | import eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto; | ||
| + | import eu.bcvsolutions.idm.acc.exception.SynchronizationException; | ||
| + | import eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityFilter; | ||
| + | import java.util.Collections$UnmodifiableRandomAccessList; | ||
| + | |||
| + | IdmIdentityFilter filter = new IdmIdentityFilter(); | ||
| + | filter.setExternalCode(attributeValue); | ||
| + | | ||
| + | List identities = new ArrayList(); | ||
| + | identities = identityService.find(filter, | ||
| + | if (!identities.isEmpty()) { | ||
| + | return identities.get(0); | ||
| + | } | ||
| + | | ||
| + | return null; | ||
| + | </ | ||
| + | |||
| + | The error in log shows this: | ||
| + | < | ||
| + | 2019-06-12T13: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultGroovyScriptService.evaluate(DefaultGroovyScriptService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService.transformValueFromResource(DefaultSysSystemAttributeMappingService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService.transformValueFromResource(DefaultSysSystemAttributeMappingService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService.getValueByMappedAttribute(DefaultSysSystemAttributeMappingService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService.getUidValueFromResource(DefaultSysSystemAttributeMappingService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService$$FastClassBySpringCGLIB$$507e7707.invoke(< | ||
| + | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSysSystemAttributeMappingService$$EnhancerBySpringCGLIB$$29f4e3f1.getUidValueFromResource(< | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.generateUID(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.findAccount(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.doItemSynchronization(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService.doItemSynchronization(DefaultSynchronizationService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService$$FastClassBySpringCGLIB$$66d7ee75.invoke(< | ||
| + | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java: | ||
| + | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java: | ||
| + | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService$$EnhancerBySpringCGLIB$$65f85efb.doItemSynchronization(< | ||
| + | at eu.bcvsolutions.idm.acc.event.processor.synchronization.SynchronizationItemProcessor.process(SynchronizationItemProcessor.java: | ||
| + | at eu.bcvsolutions.idm.core.api.event.AbstractEntityEventProcessor.onApplicationEvent(AbstractEntityEventProcessor.java: | ||
| + | at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java: | ||
| + | at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java: | ||
| + | at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java: | ||
| + | at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager.process(DefaultEntityEventManager.java: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$FastClassBySpringCGLIB$$1694e58f.invoke(< | ||
| + | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java: | ||
| + | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java: | ||
| + | at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java: | ||
| + | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultEntityEventManager$$EnhancerBySpringCGLIB$$394d8489.process(< | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.startItemSynchronization(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.handleIcObject(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor$DefaultResultHandler.handle(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.ic.connid.service.impl.ConnIdIcConnectorService$2.handle(ConnIdIcConnectorService.java: | ||
| + | at org.identityconnectors.framework.impl.api.StreamHandlerUtil$ObjectStreamHandlerAdapter.handle(StreamHandlerUtil.java: | ||
| + | at org.identityconnectors.framework.impl.api.BufferedResultsProxy.invoke(BufferedResultsProxy.java: | ||
| + | at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java: | ||
| + | at com.sun.proxy.$Proxy359.search(Unknown Source) | ||
| + | at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.search(AbstractConnectorFacade.java: | ||
| + | at eu.bcvsolutions.idm.ic.connid.service.impl.ConnIdIcConnectorService.pageSearch(ConnIdIcConnectorService.java: | ||
| + | at eu.bcvsolutions.idm.ic.connid.service.impl.ConnIdIcConnectorService.search(ConnIdIcConnectorService.java: | ||
| + | at eu.bcvsolutions.idm.ic.service.impl.DefaultIcConnectorFacade.search(DefaultIcConnectorFacade.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.AbstractSynchronizationExecutor.process(AbstractSynchronizationExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService.startSynchronization(DefaultSynchronizationService.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService$$FastClassBySpringCGLIB$$66d7ee75.invoke(< | ||
| + | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java: | ||
| + | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java: | ||
| + | at eu.bcvsolutions.idm.acc.service.impl.DefaultSynchronizationService$$EnhancerBySpringCGLIB$$65f85efb.startSynchronization(< | ||
| + | at eu.bcvsolutions.idm.acc.scheduler.task.impl.SynchronizationSchedulableTaskExecutor.process(SynchronizationSchedulableTaskExecutor.java: | ||
| + | at eu.bcvsolutions.idm.acc.scheduler.task.impl.SynchronizationSchedulableTaskExecutor.process(SynchronizationSchedulableTaskExecutor.java: | ||
| + | at eu.bcvsolutions.idm.core.scheduler.api.service.AbstractLongRunningTaskExecutor.call(AbstractLongRunningTaskExecutor.java: | ||
| + | at java.util.concurrent.FutureTask.run(FutureTask.java: | ||
| + | at org.springframework.security.concurrent.DelegatingSecurityContextRunnable.run(DelegatingSecurityContextRunnable.java: | ||
| + | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java: | ||
| + | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java: | ||
| + | at java.lang.Thread.run(Thread.java: | ||
| + | Caused by: java.lang.SecurityException: | ||
| + | at eu.bcvsolutions.idm.core.security.domain.GroovySandboxFilter.filter(GroovySandboxFilter.java: | ||
| + | at org.kohsuke.groovy.sandbox.GroovyValueFilter.filterReturnValue(GroovyValueFilter.java: | ||
| + | at org.kohsuke.groovy.sandbox.GroovyValueFilter.onMethodCall(GroovyValueFilter.java: | ||
| + | at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java: | ||
| + | at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java: | ||
| + | at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) | ||
| + | at Script1.run(Script1.groovy: | ||
| + | at eu.bcvsolutions.idm.core.model.service.impl.DefaultGroovyScriptService.evaluate(DefaultGroovyScriptService.java: | ||
| + | ... 66 more | ||
| + | </ | ||
| + | |||
| + | And that's even though the script has permissions for the class eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto. The problem is that this script return an object from this class eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto which it is not supposed to do. | ||
| + | |||
| + | To fix this, change the return statement. | ||