Description
After starting the service, the first attempt to GET /catalogs (I have also seen GET /profiles) fails with a DataRetrievalFailureException, the root cause of which is an illegal reflective access to properties within the underlying OSCAL object data type. So far, I am not able to reproduce in the tests. In fact, I've actually only been able to reproduce within the oscal-editor-all-in-one container (so this issue may need to be transferred to that repository)
Steps to Reproduce
- Build the
oscal-editor-all-in-one container from the current develop branch of both the REST service and the React app
- Start the container, properly pointing to an
oscal-content repository
- Navigate to
https://localhost:8080
Expected Behavior
The application navigation bar properly includes all relevant documents and all requests to the REST service returned a 200 status response
Actual Behavior
One or more document types fail to load, and the server returns a 5xx response for those requests.
Additional Notes
The fields that cause the issue don't seem to be consistent. I have seen it fail (as in the example below) with gov.nist.secauto.oscal.lib.model.Parameter, but with varying attributes. Additionally, Party is a common failure that I have seen. They're always related to some private field (as would be expected).
Logs
2022-07-06 03:36:33.518 ERROR 1 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.dao.DataRetrievalFailureException: Failure in loading Oscal object.; nested exception is java.io.IOException: java.lang.IllegalArgumentException: Unable to set the value of field '_guidelines' in class 'gov.nist.secauto.oscal.lib.model.Parameter'.] with root cause
java.lang.IllegalAccessException: interface gov.nist.secauto.metaschema.binding.model.IBoundJavaField cannot access a member of class gov.nist.secauto.oscal.lib.model.Parameter with modifiers "private"
at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361) ~[na:na]
at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:591) ~[na:na]
at java.base/java.lang.reflect.Field.checkAccess(Field.java:1075) ~[na:na]
at java.base/java.lang.reflect.Field.set(Field.java:778) ~[na:na]
at gov.nist.secauto.metaschema.binding.model.IBoundJavaField.setValue(IBoundJavaField.java:127) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:541) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readItem(DefaultAssemblyClassBinding.java:454) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ClassDataTypeHandler.get(ClassDataTypeHandler.java:93) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readItem(AbstractNamedModelProperty.java:229) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.ListPropertyInfo.readValue(ListPropertyInfo.java:153) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedModelProperty.readInternal(AbstractNamedModelProperty.java:180) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.AbstractNamedProperty.read(AbstractNamedProperty.java:86) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readInternal(DefaultAssemblyClassBinding.java:520) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.DefaultAssemblyClassBinding.readObject(DefaultAssemblyClassBinding.java:418) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.RootAssemblyDefinition.readObject(RootAssemblyDefinition.java:76) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.model.RootAssemblyDefinition.readRoot(RootAssemblyDefinition.java:244) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.json.DefaultJsonDeserializer.deserializeToNodeItemInternal(DefaultJsonDeserializer.java:103) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.AbstractDeserializer.deserializeToNodeItem(AbstractDeserializer.java:92) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.IDeserializer.deserializeToNodeItem(IDeserializer.java:171) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.DefaultBoundLoader.loadInternal(DefaultBoundLoader.java:381) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.DefaultBoundLoader.load(DefaultBoundLoader.java:364) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.IBoundLoader.load(IBoundLoader.java:259) ~[metaschema-java-binding-0.8.1.jar!/:na]
at gov.nist.secauto.metaschema.binding.io.IBoundLoader.load(IBoundLoader.java:279) ~[metaschema-java-binding-0.8.1.jar!/:na]
at com.easydynamics.oscal.data.repository.file.BaseOscalRepoFileImpl.findAll(BaseOscalRepoFileImpl.java:218) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
at com.easydynamics.oscal.data.repository.file.BaseOscalRepoFileImpl$$FastClassBySpringCGLIB$$51eb9204.invoke(<generated>) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793) ~[spring-aop-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) ~[spring-aop-5.3.21.jar!/:5.3.21]
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:137) ~[spring-tx-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) ~[spring-aop-5.3.21.jar!/:5.3.21]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708) ~[spring-aop-5.3.21.jar!/:5.3.21]
at com.easydynamics.oscal.data.repository.file.OscalCatalogRepoFileImpl$$EnhancerBySpringCGLIB$$928b1a0e.findAll(<generated>) ~[oscal-data-repository-file-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
at com.easydynamics.oscal.service.impl.BaseOscalObjectServiceImpl.findAll(BaseOscalObjectServiceImpl.java:103) ~[oscal-object-service-0.0.1-SNAPSHOT.jar!/:0.0.1-SNAPSHOT]
at com.easydynamics.oscalrestservice.api.BaseOscalController.findAll(BaseOscalController.java:96) ~[classes!/:0.0.1-SNAPSHOT]
at com.easydynamics.oscalrestservice.api.CatalogController.findAll(CatalogController.java:37) ~[classes!/:0.0.1-SNAPSHOT]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.21.jar!/:5.3.21]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar!/:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.64.jar!/:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.64.jar!/:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
I have reproduced in containers built with both Java 11 and Java 17; I have not tried reverting to an older version of liboscal-java. The fact I can't reproduce when using mvn spring-boot:run in the oscal-rest-service-app directory makes this quite a bit trickier to debug.
Description
After starting the service, the first attempt to
GET /catalogs(I have also seenGET /profiles) fails with aDataRetrievalFailureException, the root cause of which is an illegal reflective access to properties within the underlying OSCAL object data type. So far, I am not able to reproduce in the tests. In fact, I've actually only been able to reproduce within theoscal-editor-all-in-onecontainer (so this issue may need to be transferred to that repository)Steps to Reproduce
oscal-editor-all-in-onecontainer from the currentdevelopbranch of both the REST service and the React apposcal-contentrepositoryhttps://localhost:8080Expected Behavior
The application navigation bar properly includes all relevant documents and all requests to the REST service returned a 200 status response
Actual Behavior
One or more document types fail to load, and the server returns a 5xx response for those requests.
Additional Notes
The fields that cause the issue don't seem to be consistent. I have seen it fail (as in the example below) with
gov.nist.secauto.oscal.lib.model.Parameter, but with varying attributes. Additionally,Partyis a common failure that I have seen. They're always related to someprivatefield (as would be expected).Logs
I have reproduced in containers built with both Java 11 and Java 17; I have not tried reverting to an older version of
liboscal-java. The fact I can't reproduce when usingmvn spring-boot:runin theoscal-rest-service-appdirectory makes this quite a bit trickier to debug.