Coldfusion: Java method security exception when working with TestBox

This issue is not exclusive to TestBox, but it occurred in my environment when I started configuring tests in this framework. ColdFusion has not had that many testing frameworks, so TestBox is rather widely used. In order to find a source of the issue on the website, TestBox is performing a deep inspection of the code on the error. On our server this led to the following error:

Java method security exception. A security exception occurred while invoking Java method on a “”java.lang.Class”” object. MethodName is getName. Possible cause: Either the createobject function and cfobject tag are disabled in the security sandbox or you are trying to create a class in the ColdFusion package and that is disabled. The specific sequence of files included or processed is: [file name]

This is a “security exception” and the error message is pointing to the sandbox (function disabled in the sandbox) or disabled ColdFusion package. Both are not the case on our server.

The source of this issue in my case was in the ColdFusion server settings. In Server Settings -> Settings there is such option:

Disable access to internal ColdFusion Java components
Disables the ability for CFML code to access and create Java objects that are part of the internal ColdFusion implementation. This prevents an unauthenticated CFML template from reading or modifying administration and configuration information for this server.

On the production servers, it is disabled by default because we don’t want to give any application such wide access. But on the development or test server, it is safe to uncheck the box next to this setting which will allow the function to work properly:

Once the box is unchecked and settings saved (no need to restart ColdFusion) the TestBox is working fine and is able to inspect the code during execution.

Leave a Reply

Your email address will not be published. Required fields are marked *