Error during REST API call in Sailpoint using openJDK 17

IdentityIQ (IIQ) IIQ Discussion and Questions
, , ,
1

Which IIQ version are you inquiring about?

I’m doing REST API call via a rule using the below code for it:
import java.io.OutputStream;
import java.util.List;
import java.io.*;
import org.json.JSONArray;
import org.json.JSONObject;

HashMap map = new HashMap();
public void AllVault () {

String endpointURL = "https://apipam.dsb.dk/cspm/ext/rest/vaults?limit=0";
log.error("End Point URL" +endpointURL);
URL url = new URL(endpointURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
conn.setRequestProperty("Content-Type", "application/json");
String auth = "*********" + ":" + "******";
byte[] encodedAuth = Base64.getEncoder().encode(auth.getBytes());
String authHeaderValue = "Basic " + new String(encodedAuth);
conn.setRequestProperty("Authorization", authHeaderValue);
int responseCode = conn.getResponseCode();
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
  response.append(inputLine);
}
in.close();
// log.error(response.toString());
JSONObject responseJson = new JSONObject(response.toString());
JSONArray vaultsArray = responseJson.getJSONArray("data");
for (int i = 0; i < vaultsArray.length(); i++) {
  JSONObject vault = vaultsArray.getJSONObject(i);
  map.put(vault.getString("name"),vault.getInt("id"));
  //log.error("|" +vault.getString("name") +"| " + vault.getInt("id"));  
}

}

I noticed this error after upgrading from Java OpenJDK 11 to Java OpenJDK 17. The same rule worked fine with Java OpenJDK 11. Any suggestions for resolving this error would be helpful. Thanks in advance.

Please share any images or screenshots, if relevant.

[Please insert images here, otherwise delete this section]

Please share any other relevant files that may be required (for example, logs).

[Please insert files here, otherwise delete this section]

Share all details about your problem, including any error messages you may have received.

[Replace this text with the problem that you are facing]

2

Hi @Xdipa2407,

Could you please error info?

3

I’m getting below error when I run the above rule.

Exception running rule: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . '' : Error in method invocation: Cannot access method setRequestMethod(java.lang.String) in 'class sun.net.www.protocol.https.HttpsURLConnectionImpl' :java.lang.IllegalAccessException: class bsh.Reflect cannot access class sun.net.www.protocol.https.HttpsURLConnectionImpl (in module java.base) because module java.base does not export sun.net.www.protocol.https to unnamed module @366cd8f8 : at Line: 29 : in file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : conn .setRequestMethod ( “GET” )

Called from method: AllVault : at Line: 183 : in file: inline evaluation of: ``import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : AllVault ( ) BSF info: Vaultcreation at line: 0 column: columnNo

4

I’m getting below error when I run the above rule.
Exception running rule: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . '' : Error in method invocation: Cannot access method setRequestMethod(java.lang.String) in 'class sun.net.www.protocol.https.HttpsURLConnectionImpl' :java.lang.IllegalAccessException: class bsh.Reflect cannot access class sun.net.www.protocol.https.HttpsURLConnectionImpl (in module java.base) because module java.base does not export sun.net.www.protocol.https to unnamed module @366cd8f8 : at Line: 29 : in file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : conn .setRequestMethod ( “GET” )

Called from method: AllVault : at Line: 183 : in file: inline evaluation of: ``import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : AllVault ( ) BSF info: Vaultcreation at line: 0 column: columnNo

5

please check this post

6

This is for JDK 17 is not same as openJDK 17. I am using openJDK 17.

7

The error you’re encountering is due to changes in Java module access controls introduced in Java 9 and later versions. Java 17 enforces stricter encapsulation, and HttpsURLConnectionImpl is part of a package that is not exported to unnamed modules, which includes BeanShell.

To resolve this issue, you can try adding the --add-exports option to allow reflective access to the required module. This needs to be configured in the JVM arguments for the Tomcat server where IdentityIQ is running.

You can add the following argument to your Tomcat startup script:

--add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED

This will export the package to all unnamed modules, which should resolve the IllegalAccessException. If you are using catalina.sh or catalina.bat, modify the CATALINA_OPTS or JAVA_OPTS environment variable to include this option.

For example, you might add it like this in catalina.sh:

CATALINA_OPTS="$CATALINA_OPTS --add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED"

Or in catalina.bat:

set "CATALINA_OPTS=%CATALINA_OPTS% --add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED"

Restart Tomcat after making this change, and it should resolve the issue with IllegalAccessException.

1 Like
8

Hi , could you please confirm whether i have been added correctly, as shown in the screenshot below?

image
image985×293 8.8 KB

Regards,
Divya P

9

Hi Zekkin,
I checked catalina.bat file , where we have to add below arguments. Please confirm.

set “CATALINA_OPTS=%CATALINA_OPTS% --add-exports java.base/sun.net.www.protocol.https=ALL-UNNAMED”

image
image801×417 7.36 KB

We have both the file catalina.sh and cataina.bat.

image

11

Yes, that’s correct.

12

Now I facing error below:
Before upgrade the same code was working properly.

Exception running rule: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . '' : Error in method invocation: Cannot access method write([B, int, int) in 'class sun.net.www.http.PosterOutputStream' :java.lang.IllegalAccessException: class bsh.Reflect cannot access class sun.net.www.http.PosterOutputStream (in module java.base) because module java.base does not export sun.net.www.http to unnamed module @33aba37d : at Line: 163 : in file: inline evaluation of: import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : os .write ( input , 0 , input .length )

Called from method: PUTVault : at Line: 265 : in file: inline evaluation of: ``import sailpoint.api.IdentityService; import sailpoint.api.SailPointContext; . . . ‘’ : PUTVault ( vaultname , map .get ( vaultname ) , Dname , id , name ) BSF info: Vaultcreation at line: 0 column: columnNo

13

Did you restart Tomcat after making the changes?

14

try

--add-exports=java.base/sun.net.www.http=ALL-UNNAMED

instead of

--add-exports=java.base/sun.net.www.https=ALL-UNNAMED
15

issue resolved. Thank you so much!

16

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.