"Cannot get JSON data from message target 'Request'" occurs in Validate JSON Schema assertion

Article ID: 129740

Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

When an Execute JavaScript assertion placed at the beginning of the policy definition manipulates the JSON content of a request with a large content length (over about 1 MB), the following errors occur.


2019-03-11T13:44:44.327+0900 WARNING 1371 com.l7tech.external.assertions.jsonschema.server.ServerJSONSchemaAssertion: Cannot get JSON data from message target 'Request'. Details: Unable to parse JSON: MIME multipart body has already been read, and was not saved
2019-03-11T13:44:44.336+0900 SEVERE 1371 com.l7tech.server.SoapMessageProcessingServlet: MIME multipart body has already been read, and was not saved
com.l7tech.common.mime.NoSuchPartException: MIME multipart body has already been read, and was not saved
2019-03-11T13:44:44.342+0900 WARNING 1371 com.l7tech.server.audit.MessageSummaryAuditFactory: Unable to get request XML: MIME multipart body has already been read, and was not saved

This problem does not occur when the content length is small (less than 1 MB).


Cause

The root cause of the problem is insufficient privileges to read the physical file system.
A larger message that cannot fit in a single buffer is stashed to the physical file system by the gateway.
The JavaScript engine (Nashorn) executes the script in sandbox mode for security purposes, so the stashed message body cannot be read back from disk.


Environment

Release:
Component: APIGTW

Resolution

Workaround:
Add the entries below to /opt/SecureSpan/Gateway/runtime/etc/ssg.policy and restart the gateway.

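grant {
    // Allow access to the directory where the gateway stashes large messages, and to the files in it.
    // No codeBase or signedBy clause, so the grant applies to all code covered by this policy file.
    permission java.io.FilePermission "/opt/SecureSpan/Gateway/node/default/var/attachments", "read,write";
    permission java.io.FilePermission "/opt/SecureSpan/Gateway/node/default/var/attachments/*", "read,write,delete";
};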

NOTE: The attachments directory above is the default location for stashing messages. It could be different if it is configured through the com.l7tech.server.attachmentDirectory system property.
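
One way to confirm the workaround is in place, including when the stash directory was changed as described in the NOTE. This is an added example, not part of the original article or the vendor's tooling. The function names (squash, has_perm, check_stash_policy) and the sample policy text are constructed for illustration; the directory and permission strings are the ones shown above.

```shell
#!/bin/sh
# Added example (not vendor code): confirm a Java policy file carries the two
# FilePermission entries from the workaround, for the default or a custom
# stash directory, and flag a policy that was widened to <<ALL FILES>>.

squash() { tr -d ' \t'; }   # ignore spacing differences when comparing

# has_perm POLICY PATH ACTIONS: 0 if an uncommented matching entry exists
has_perm() {
    needle=$(printf 'permission java.io.FilePermission "%s", "%s";' "$2" "$3" | squash)
    grep -v '^[[:space:]]*//' "$1" | squash | grep -Fq -- "$needle"
}

# check_stash_policy POLICY [ATTACH_DIR]
# returns 0 = both entries present, 1 = an entry is missing,
#         2 = entries present but the file also grants <<ALL FILES>>
check_stash_policy() {
    policy=$1
    dir=${2:-/opt/SecureSpan/Gateway/node/default/var/attachments}
    dir=${dir%/}
    rc=0
    has_perm "$policy" "$dir" "read,write" ||
        { echo "missing: $dir (read,write)" >&2; rc=1; }
    has_perm "$policy" "$dir/*" "read,write,delete" ||
        { echo "missing: $dir/* (read,write,delete)" >&2; rc=1; }
    if [ "$rc" -eq 0 ] &&
       grep -v '^[[:space:]]*//' "$policy" | grep -Fq '"<<ALL FILES>>"'; then
        echo "warning: policy also grants <<ALL FILES>>" >&2
        rc=2
    fi
    return "$rc"
}

# Constructed sample policy (not a real ssg.policy) so the script runs offline.
demo=$(mktemp)
cat > "$demo" <<'EOF'
grant {
    permission java.io.FilePermission "/opt/SecureSpan/Gateway/node/default/var/attachments", "read,write";
    permission java.io.FilePermission "/opt/SecureSpan/Gateway/node/default/var/attachments/*", "read,write,delete";
};
EOF
if check_stash_policy "$demo"; then echo "workaround entries present"; fi
rm -f "$demo"
```

On a gateway, pass the policy path from the Resolution section as the first argument and, if com.l7tech.server.attachmentDirectory is set, its value as the second.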