Skip to content

Script providers not working on OpenJDK 17 due to Nashorn being deprecated #9945

Closed
#11322
Closed
Script providers not working on OpenJDK 17 due to Nashorn being deprecated#9945
#11322
Assignees
mposolda
Labels
area/corekind/bugCategorizes a PR related to a bug
Milestone
19.0.0
@kami619

Description

@kami619
kami619
opened on Feb 2, 2022

Describe the bug

Hitting this below exception when I run the org.keycloak.testsuite.authz.* module tests

and here is the reference for the deprecation notice in openjdk - https://openjdk.java.net/jeps/372

I was able to confirm the same runs just fine with JDK11 runtime for the authserver. This would be a blocker for the Java 17 certification tests.

Caused by: java.lang.IllegalStateException: Could not find ScriptEngine for script: Script{id='null', realmId='0cfba609-5d40-404f-a3eb-769cf46dcff8', name='Grant Policy', type='text/javascript', code='$evaluation.grant();', description='null'}

This is also was previously discussed in KEYCLOAK-12755

Version

17.0.0-SNAPSHOT, OpenJDK17

Expected behavior

We would like the javascript engine to initialize and not fail on the authorization work flows

Actual behavior

The suspicion is that because of the deprecated Nashorn js engine in jdk17, we are getting a Could not find ScriptEngine for script IllegalStateExceptions.

I think we also want a proper exception to bubble up the stack trace, as currently we get a generic exception which is
Unexpected error while evaluating permissions: java.lang.RuntimeException: Failed to evaluate permissions even though we get the actual problem the stack trace down the line.

How to Reproduce?

run the authz module testsuite using the below mvn command

set the right binary path for the JDK17_HOME and MVN_SETTINGS_PATH before you run it.

mvn -f testsuite/integration-arquillian/tests/base/pom.xml clean install -Dauth.server.java.home=${JDK17_HOME} -Dauth.server.memory.settings="-Xms128m -Xmx512m -XX:MetaspaceSize=96m -XX:MaxMetaspaceSize=256m" -Dapp.server.memory.settings="-Xms128m -Xmx512m -XX:MetaspaceSize=96m -XX:MaxMetaspaceSize=256m" -B -s ${MVN_SETTINGS_PATH} -Dsettings.path=${MVN_SETTINGS_PATH} -Dsurefire.memory.Xms=512m -Dsurefire.memory.Xmx=1536m -Dinsecure.repositories=WARN -Pauth-server-wildfly -Pjava11-auth-server -Dtest=org.keycloak.testsuite.authz.AuthorizationTest

Anything else?

Issue full stack trace:

2022-02-01 20:07:38,427 ERROR [org.keycloak.authorization.authorization.AuthorizationTokenService] (default task-1) Unexpected error while evaluating permissions: java.lang.RuntimeException: Failed to evaluate permissions
        at [email protected]//org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector.onError(DecisionPermissionCollector.java:182)
        at [email protected]//org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:71)
        at [email protected]//org.keycloak.authorization.permission.evaluator.IterablePermissionEvaluator.evaluate(IterablePermissionEvaluator.java:87)
        at [email protected]//org.keycloak.authorization.authorization.AuthorizationTokenService.evaluatePermissions(AuthorizationTokenService.java:285)
        at [email protected]//org.keycloak.authorization.authorization.AuthorizationTokenService.authorize(AuthorizationTokenService.java:222)
.
.
.
.
Caused by: java.lang.IllegalStateException: Could not find ScriptEngine for script: Script{id='null', realmId='0cfba609-5d40-404f-a3eb-769cf46dcff8', name='Grant Policy', type='text/javascript', code='$evaluation.grant();', description='null'}
        at [email protected]//org.keycloak.scripting.DefaultScriptingProvider.createPreparedScriptEngine(DefaultScriptingProvider.java:106)
        at [email protected]//org.keycloak.scripting.DefaultScriptingProvider.prepareEvaluatableScript(DefaultScriptingProvider.java:72)
        at [email protected]//org.keycloak.scripting.DefaultScriptingProvider.prepareEvaluatableScript(DefaultScriptingProvider.java:33)
        at [email protected]//org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.lambda$getEvaluatableScript$0(JSPolicyProviderFactory.java:109)
        at [email protected]//org.keycloak.authorization.policy.provider.js.ScriptCache.lambda$computeIfAbsent$0(ScriptCache.java:80)
        at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1220)
        at [email protected]//org.keycloak.authorization.policy.provider.js.ScriptCache.computeIfAbsent(ScriptCache.java:80)
        at [email protected]//org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.getEvaluatableScript(JSPolicyProviderFactory.java:106)
        at [email protected]//org.keycloak.authorization.policy.provider.js.JSPolicyProvider.evaluate(JSPolicyProvider.java:46)
        at [email protected]//org.keycloak.authorization.policy.provider.permission.AbstractPermissionProvider.evaluate(AbstractPermissionProvider.java:56)
        at [email protected]//org.keycloak.authorization.policy.provider.permission.ResourcePolicyProvider.evaluate(ResourcePolicyProvider.java:47)
        at [email protected]//org.keycloak.authorization.policy.evaluation.DefaultPolicyEvaluator.lambda$createPolicyEvaluator$0(DefaultPolicyEvaluator.java:116)

Metadata

Metadata

Assignees

Labels

area/corekind/bugCategorizes a PR related to a bug

Type

No type

Projects

Testsuite Stabilization

Status

✅ Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions