We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

SecurityException "Illegal access to method read()" on java.util.zip.InflaterInputStream in server-s

PavanV
Tera Contributor
 
Hi all,
 
I'm trying to unzip a ZIP file attachment on a case record from server-side script
(Business Rule on sys_attachment, after insert), and I'm hitting a hard
SecurityException that I can't find a documented workaround for. Hoping someone
here has hit this before.
 
WHAT I'M TRYING TO DO
Extract each file inside a ZIP attachment and re-attach it individually to the
same case record (via GlideSysAttachment), while leaving the original ZIP
attachment in place. Classic "unzip email attachment onto case" requirement.
 
WHAT I'VE TRIED
Running this in a Script Include, called from a Business Rule (after insert on
sys_attachment), in Global scope:
 
var inputStream = new GlideSysAttachment().getContentStream(zipAttachmentSysId);
var zis = new Packages.java.util.zip.ZipInputStream(inputStream);
var entry;
while ((entry = zis.getNextEntry()) !== null) {
var buffer = Packages.java.lang.reflect.Array.newInstance(Packages.java.lang.Byte.TYPE, 8192);
var len;
while ((len = zis.read(buffer)) !== -1) {
// ... accumulate bytes
}
}
 
This throws:
java.lang.SecurityException: Illegal access to method read([B) in class java.io.FilterInputStream
 
I then tried the no-argument read() overload instead of the buffered version:
while ((singleByte = zis.read()) !== -1) { ... }
 
This throws a similar, but distinct, error:
java.lang.SecurityException: Illegal access to method read() in class java.util.zip.InflaterInputStream
 
So it looks like it's not about which overload I use — reads on this stream
class hierarchy appear to be blocked entirely by the script sandbox / security
manager, in Global scope, as an admin user.
 
WHAT I'M ASKING
1. Is this a hard, non-configurable platform restriction (i.e. no customer-side
fix exists), or is there a Java Access Control / security exception an admin
can grant for specific classes/methods?
2. Has anyone gotten java.util.zip.ZipInputStream (or java.util.zip.Inflater
directly) working from server-side script on a recent release? If so, what
release/version, and did you need any special configuration?
3. I've seen GlideZipUtil referenced in some older threads as an internal zip
utility — is that fully deprecated/blocked now, or does it still work for
anyone?
4. I don't have IntegrationHub Professional Pack or a MID Server available, so
the native Flow Designer Zip/Unzip step and the MID Server FileManager
approach aren't options for us right now. Is there any other supported,
license-free way to decompress a ZIP from server-side script?
 
Any pointers — even "this is permanently blocked, don't waste more time on it" —
would be genuinely useful. Thanks!
 
 
Release: zurich
Scope: Global
Plugins active: Customer Service Management
 
5 REPLIES 5

Ankur Bawiskar
Tera Patron

@PavanV 

is it because of file size?

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader

No, Not because of size @Ankur Bawiskar 

@PavanV 

check link I shared below

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader

Ankur Bawiskar
Tera Patron

@PavanV 

see this

Unzip a file using script 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader