Read error when using javascript assertion
Article ID: 368146
Updated On:
Products
CA API Gateway
Issue/Introduction
When trying to read a variable in the JavaScript assertion where the message size is larger than the value set for the "attachment.diskThreshold" Cluster wide property, the service fails with the following error.
2024-05-06T10:51:55.772+0000 INFO 11227 com.l7tech.server.message: Processing request for service:xxxxxxx [/xxxxxxxx]
2024-05-06T10:51:55.772+0000 WARNING 11227 com.l7tech.external.assertions.js.server.ServerJavaScriptAssertion: 4: Script failure: xxxxxxxxx:java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/SecureSpan/Gateway/node/default/var/attachments/att7378190_0.part" "read")
at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$128$14$\^eval\_.L:1(<eval>:2)
at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$126$\^eval\_.:program(<eval>:1)
. Exception caught!
2024-05-06T10:51:55.772+0000 INFO 11227 com.l7tech.server.MessageProcessor: 3017: Policy evaluation for service xxxxxxxxxxx
[0fa77fb1093048c8bcaae0bc86ca3582] resulted in status 601 (Error in Assertion Processing)
Environment
API Gateway 10.x, 11.x
Cause
Due to the size of the message, the data is written to disk. The JavaScript assertion does not have the permission to access this temporary file.
Resolution
To workaround this, you can add the following grant to the java security policy:
- Edit the ssg.policy file: nano /opt/SecureSpan/Gateway/runtime/etc/ssg.policy
- Add the following grant statement :
grant {
permission java.io.FilePermission "/opt/SecureSpan/Gateway/node/default/var/attachments/*", "read,write";
};
- Restart the Gateway
This will also be added to the upcoming gateway release.
Feedback
Yes
No
Powered by
