Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IllegalAccessException on the first request to the server #111

Open
laurelmay opened this issue Jul 6, 2022 · 0 comments
Open

IllegalAccessException on the first request to the server #111

laurelmay opened this issue Jul 6, 2022 · 0 comments
Labels
bug Something isn't working

Comments

@laurelmay
Copy link
Contributor

Description

After starting the service, the first attempt to GET /catalogs (I have also seen GET /profiles) fails with a DataRetrievalFailureException, the root cause of which is an illegal reflective access to properties within the underlying OSCAL object data type. So far, I am not able to reproduce in the tests. In fact, I've actually only been able to reproduce within the oscal-editor-all-in-one container (so this issue may need to be transferred to that repository)

Steps to Reproduce

  1. Build the oscal-editor-all-in-one container from the current develop branch of both the REST service and the React app
  2. Start the container, properly pointing to an oscal-content repository
  3. Navigate to https://localhost:8080

Expected Behavior

The application navigation bar properly includes all relevant documents and all requests to the REST service returned a 200 status response

Actual Behavior

One or more document types fail to load, and the server returns a 5xx response for those requests.

Additional Notes

The fields that cause the issue don't seem to be consistent. I have seen it fail (as in the example below) with gov.nist.secauto.oscal.lib.model.Parameter, but with varying attributes. Additionally, Party is a common failure that I have seen. They're always related to some private field (as would be expected).

Logs 
2022-07-06 03:36:33.518 ERROR 1 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.DataRetrievalFailureException: Failure in loading Oscal object.; nested exception is java.io.IOException: java.lang.IllegalArgumentException: Unable to set the value of field '_guidelines' in class 'gov.nist.secauto.oscal.lib.model.Parameter'.] with root cause

java.lang.IllegalAccessException: interface gov.nist.secauto.metaschema.binding.model.IBoundJavaField cannot access a member of class gov.nist.secauto.oscal.lib.model.Parameter with modifiers "private"
	at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361) ~[na:na]
	at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:591) ~[na:na]
	at java.base/java.lang.reflect.Field.checkAccess(Field.java:1075) ~[na:na]
	at java.base/java.lang.reflect.Field.set(Field.java:778) ~[na:na]
	at gov.nist.secauto.metaschema.binding.model.IBoundJavaField.setValue(IBoundJavaField.java:127) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:541) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readObject(DefaultAssemblyClassBinding.java:418) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.RootAssemblyDefinition.readObject(RootAssemblyDefinition.java:76) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.model.RootAssemblyDefinition.readRoot(RootAssemblyDefinition.java:244) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.json.DefaultJsonDeserializer.deserializeToNodeItemInternal(DefaultJsonDeserializer.java:103) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.AbstractDeserializer.deserializeToNodeItem(AbstractDeserializer.java:92) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.IDeserializer.deserializeToNodeItem(IDeserializer.java:171) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.DefaultBoundLoader.loadInternal(DefaultBoundLoader.java:381) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.DefaultBoundLoader.load(DefaultBoundLoader.java:364) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.IBoundLoader.load(IBoundLoader.java:259) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at gov.nist.secauto.metaschema.binding.io.IBoundLoader.load(IBoundLoader.java:279) ~[metaschema-java-binding-0.8.1.jar!/:na]
	at com.easydynamics.oscal.data.repository.file.BaseOscalRepoFileImpl.findAll(BaseOscalRepoFileImpl.java:218) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
	at com.easydynamics.oscal.data.repository.file.BaseOscalRepoFileImpl$$FastClassBySpringCGLIB$$51eb9204.invoke(<generated>) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:137) ~[spring-tx-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708) ~[spring-aop-5.3.21.jar!/:5.3.21]
	at com.easydynamics.oscal.data.repository.file.OscalCatalogRepoFileImpl$$EnhancerBySpringCGLIB$$928b1a0e.findAll(<generated>) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
	at com.easydynamics.oscal.service.impl.BaseOscalObjectServiceImpl.findAll(BaseOscalObjectServiceImpl.java:103) ~[oscal-object-service-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
	at com.easydynamics.oscalrestservice.api.BaseOscalController.findAll(BaseOscalController.java:96) ~[classes!/:0.0.1-SNAPSHOT]
	at com.easydynamics.oscalrestservice.api.CatalogController.findAll(CatalogController.java:37) ~[classes!/:0.0.1-SNAPSHOT]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
	at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.64.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

I have reproduced in containers built with both Java 11 and Java 17; I have not tried reverting to an older version of liboscal-java. The fact I can't reproduce when using mvn spring-boot:run in the oscal-rest-service-app directory makes this quite a bit trickier to debug.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@laurelmay