IBM Verify

 View Only

  • 1.  Quick Help needed : ISVA 10.0.3 : Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited

    Posted Mon January 24, 2022 03:51 PM
    Reply

    Hello,

    We have upgraded from 10.0.2 to 10.0.3 on our Dev and Test Appliance and we have started getting error.

    We have an STS Change with Default Map module

    And Javascript has first few line

    importPackage(Packages.com.tivoli.am.fim.trustserver.sts);
    importPackage(Packages.com.tivoli.am.fim.trustserver.sts.oauth20);
    importPackage(Packages.com.tivoli.am.fim.trustserver.sts.uuser);
    importPackage(Packages.com.ibm.security.access.user);
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils);
    importClass(Packages.java.util.ArrayList);
    importClass(Packages.java.util.HashMap);

    // Read in the STSUU
    var stsuu = new STSUniversalUser(stsrequest.getRequestSecurityToken().getBase());


    Error I am getting Following error

    692       Caused by: com.ibm.security.access.javascript.JSCodeRuntimeException
    693       at com.ibm.security.access.javascript.JSCode.execute(JSCode.java:141)
    694       at com.tivoli.am.fim.trustserver.sts.modules.STSMapDefault$JavaScriptRule.execute(STSMapDefault.java:289)
    695       ... 68 more
    696       Caused by: org.mozilla.javascript.EvaluatorException: Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited. (token-router#37)

    Not sure what is needed to resolve this error...

    I am trying to check if token is an Access_token or a JWT token based on blog from@Leo Farrell  OAuth: JWT as an Access Token - IBM Security Identity and Access
    IBM Security Identity and Access remove preview
    OAuth: JWT as an Access Token - IBM Security Identity and Access
    OAuth: JWT as an Access Token on ISAM The OAuth 2.0 specification does not go into great detail about token formats "Access tokens can have different formats, structures, and methods of utilization (e.g., cryptographic properties) based on the resource server security requirements". On IBM Security Access manager(ISAM) access tokens issued are a short opaque string used as [...]
    View this on IBM Security Identity and Access >
    a
    ​​​

    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------


  • 2.  RE: Quick Help needed : ISVA 10.0.3 : Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited

    Posted Mon January 24, 2022 04:01 PM
    Reply
    Piyush,
     
    This is a known issue with the 10.0.3 release.  I would suggest that you raise a ticket with IBM support team to get an update on the current status of this issue.
     
    Thanks.
     
     
    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     
     
     



    Original Message


  • 3.  RE: Quick Help needed : ISVA 10.0.3 : Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited

    Posted Tue January 25, 2022 05:52 AM
    Reply
    Thanks @Scott Exton my colleague will raise a ticket..


    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------

    Original Message


  • 4.  RE: Quick Help needed : ISVA 10.0.3 : Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited

    Posted Tue February 01, 2022 03:01 AM
    Reply
    Support answer is this will be fixed in 10.0.4. That cant be correct ?

    ------------------------------
    Øyvind Bergerud
    ------------------------------

    Original Message


  • 5.  RE: Quick Help needed : ISVA 10.0.3 : Access to Java class "com.sun.xml.messaging.saaj.soap.impl.ElementImpl" is prohibited

    Posted Tue February 01, 2022 04:35 AM
    Reply
    Øyvind,
     
    I can confirm that a fix for this issue will be included in the upcoming 10.0.3.1 fix-pack.  IBM hopes to have this fix-pack finalised in the next couple of weeks.
     
    Thanks.
     
     
    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access
    IBM Master Inventor

     
     
     



    Original Message


Related Content