000020428 - setUserProperty() method fails when called through DCOM Bridge in RSA ClearTrust 5.5.2

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020428
Applies ToRSA ClearTrust 5.5.2
RSA ClearTrust 5.5.2 Administrative DCOM API
Microsoft Windows 2000 Server SP4
J-Integra 1.5.2 SB005
IssuesetUserProperty() method fails when called through DCOM Bridge in RSA ClearTrust 5.5.2
setUserProperty() method failed when called through DCOM Bridge.  The following exception showed up when the call was made in VBScript (through DCOM Bridge):

sirrus.api.client.InvalidTypeException: Illegal class class [Ljava.lang.Object;
at sirrus.api.client.impl.LocalUserPropSDImpl.getPropertyType(LocalUserPropSDImpl.java:377)
at sirrus.api.client.impl.LocalUserPropSDImpl.setUserProperty(LocalUserPropSDImpl.java:219)
at sirrus.api.client.impl.UserImpl.setUserProperty(UserImpl.java:361)
at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.linar.jintegra.ObjectProxy.performIDispatchInvoke(Unknown Source)
at com.linar.jintegra.y.e(Unknown Source)
at com.linar.jintegra.y.d(Unknown Source)
at com.linar.jintegra.y.a(Unknown Source)
at com.linar.jintegra.bk.a(Unknown Source)
at com.linar.jintegra.bk.execute(Unknown Source)
at com.linar.jintegra.ci.run(Unknown Source)
Cause
While it appeared that declaring userPropValue as an array would cause VBScript (through DCOM Bridge) to map to the method setUserProperty(String,Object[]), this was in fact not the case. Whether userPropValue was declared as a single VARIANT or as an ARRAY, it would always map to setUserProperty(String,Object). ClearTrust API method was not able to handle an object passed to it that contained an array of objects.

The ClearTrust API method setUserProperty(String,Object[]) cannot be invoked by the DCOM Bridge due to how type mapping is done. DCOM Bridge maps the VARIANT type in VB to the Object type in Java. However, in VBScript, an array of VARIANTs is ... again a VARIANT. Following this logic DCOM Bridge maps an array of VARIANTs to the Object type in Java as well - not to the Object[] type, as one would expect. For this reason, the DCOM Bridge cannot call the method setUserProperty(String,Object[]) at all. Instead, the method setUserProperty(String,Object) is invoked by the DCOM Bridge.
ResolutionThis issue is resolved in hot fix 5.5.2.31 for RSA ClearTrust Servers. Contact RSA Security Customer Support to request this hot fix, or request the latest fix level for ClearTrust API's (which is cumulative, and contains fixes from previous fix levels). Review the provided Readme file for installation instructions.


1. The first option to resolve the issue does not require applying a hot fix. If only a single user property value needs to be updated, simply define "userPropValue" as a VARIANT and not as an array, or use a single value in the array when passing it to setUserProperty() method (e.g. use either of the following code snippets extracted from the code above):

Use the following:

                Dim userPropValue
                ....
                userPropValue = "12345678"
                ....
                user.setUserProperty userPropName, userPropValue

Or, use this:

                Dim userPropValue (1)
                ....
                userPropValue(0) = "12345678"
                ....
                user.setUserProperty userPropName, userPropValue(0)


2. The second option includes applying hot fix 5.5.2.31 and continuing to use the above failing code, as it is without any changes. NOTE: The method setUserProperty(String aPropertyName, Object aValue) has been updated to accommodate passing of an array of objects. The following code was added to the method:

        try {
            Object[] values = (Object[])aValue;
            setUserProperty (aPropertyName, values);
            return;
        } catch (ClassCastException cce) {
            ;   // fall thru
        }


3. The third option includes applying hot fix 5.5.2.31 and then using new method(s) introduced in a class CleartrustDCOMBridge. The 2 new methods introduced are as follows:

        public static void setUserProperty (IUser user, String propName, java.util.List propValues);

        public static void setPropertyValues (IUserProperty prop, java.util.List propValues);

In this case, a list of user property values is constructed and then passed along to one of the above 2 methods in the DCOM application. Listed below is an example on how to do this:

  1. The current code snippet (from the above VBScript) that fails is:

                dim userPropValue (1)
                ....
                userPropValue(0) = "12345678"
                ....
                user.setUserProperty userPropName, userPropValue

  2. Comment out the line "user.setUserProperty userPropName, userPropValue", and add the following to replace it:

                Dim listOfPropValues
                Dim myHelper
                Set myHelper = GetObject("CTjavaAPI:sirrus.api.com.CleartrustDCOMBridge")
                Set listOfPropValues = GetObject("CTjavaAPI:java.util.ArrayList")
                call listOfPropValues.add(userPropValue(0))
                call myHelper.setUserProperty(user, userPropName, listOfPropValues)

  3. In future, if there's a need to use multi-value user properties, the above code can easily be modified to accommodate additional property values. For example:

                dim userPropValue (2)
                ....
                userPropValue(0) = "12345678"
                userPropValue(1) = "87654321"
                ....
                Dim listOfPropValues
                Dim myHelper
                Set myHelper = GetObject("CTjavaAPI:sirrus.api.com.CleartrustDCOMBridge")
                Set listOfPropValues = GetObject("CTjavaAPI:java.util.ArrayList")
                call listOfPropValues.add(userPropValue(0))
                call listOfPropValues.add(userPropValue(1))
                call myHelper.setUserProperty(user, userPropName, listOfPropValues)


NOTE: RSA ClearTrust 5.5 API documentation and JavaDocs note that the method setUserProperty() had been deprecated. In fact, this method is no longer deprecated, and will continue to be supported for RSA ClearTrust 5.5.x API's.
WorkaroundA VBScript code, listed below, using ClearTrust DCOM API was written to update or set a ClearTrust user property value for a user object:

  Option Explicit
  Dim apiProxy
  Dim connexDescr
  Dim user
  Dim userPropValue(1)
  Dim userPropName
  userPropName = "userproperty1"
  userPropValue(0) = "12345678"
  Set connexDescr = GetObject("CTjavaAPI:sirrus.connect.ConnectionDescriptor")
  Call connexDescr.Initialize("eserver-hostname", 5601, connexDescr.SSL_ANON)
  Set apiProxy = GetObject("CTjavaAPI:sirrus.api.client.APIServerProxy")
  apiProxy.setHostInfo (connexDescr)
  apiProxy.Connect "admin", "password", "Default Administrative Group", "Default Administrative Role"
  Set user = apiProxy.getUserAndProperties("someuser")
  user.setUserProperty userPropName, userPropValue
  user.save
  set apiProxy = nothing
  set connexDescr = nothing
  set user = nothing

"userPropValue" was declared as an array to attempt to use the ClearTrust API method IUser.setUserProperty(String,Object[]) instead of IUser.setUserProperty(String,Object) since RSA ClearTrust 5.5 Java docs reflect that setUserProperty(String,Object) method was deprecated.
Legacy Article IDa22441

Attachments

    Outcomes