I ported my Groovy-based web app plugin (https://github.com/jprante/elasticsearch-webapp) to 2.0.0-beta1,
but the new security manager got in the way because I am using NIO:
Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.nio.fs")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at java.lang.Class.checkPackageAccess(Class.java:2372)
at java.lang.Class.checkMemberAccess(Class.java:2351)
at java.lang.Class.getMethod(Class.java:1783)
at org.codehaus.groovy.reflection.stdclasses.CachedSAMClass.hasUsableImplementation(CachedSAMClass.java:130)
at org.codehaus.groovy.reflection.stdclasses.CachedSAMClass.getSAMMethod(CachedSAMClass.java:191)
at org.codehaus.groovy.reflection.ClassInfo.isSAM(ClassInfo.java:359)
at org.codehaus.groovy.reflection.ClassInfo.createCachedClass(ClassInfo.java:349)
at org.codehaus.groovy.reflection.ClassInfo.access$700(ClassInfo.java:41)
at org.codehaus.groovy.reflection.ClassInfo$LazyCachedClassRef.initValue(ClassInfo.java:497)
at org.codehaus.groovy.reflection.ClassInfo$LazyCachedClassRef.initValue(ClassInfo.java:488)
at org.codehaus.groovy.util.LazyReference.getLocked(LazyReference.java:49)
at org.codehaus.groovy.util.LazyReference.get(LazyReference.java:36)
at org.codehaus.groovy.reflection.ClassInfo.getCachedClass(ClassInfo.java:111)
at org.codehaus.groovy.reflection.ReflectionCache.getCachedClass(ReflectionCache.java:110)
at org.codehaus.groovy.reflection.CachedClass$4.initValue(CachedClass.java:141)
at org.codehaus.groovy.reflection.CachedClass$4.initValue(CachedClass.java:138)
at org.codehaus.groovy.util.LazyReference.getLocked(LazyReference.java:49)
at org.codehaus.groovy.util.LazyReference.get(LazyReference.java:36)
at org.codehaus.groovy.reflection.CachedClass.getCachedSuperClass(CachedClass.java:248)
at org.codehaus.groovy.reflection.CachedClass$8.initValue(CachedClass.java:214)
at org.codehaus.groovy.reflection.CachedClass$8.initValue(CachedClass.java:200)
at org.codehaus.groovy.util.LazyReference.getLocked(LazyReference.java:49)
at org.codehaus.groovy.util.LazyReference.get(LazyReference.java:36)
at org.codehaus.groovy.reflection.CachedClass.getInterfaces(CachedClass.java:252)
at org.codehaus.groovy.reflection.CachedClass.<init>(CachedClass.java:238)
at org.codehaus.groovy.reflection.ClassInfo.createCachedClass(ClassInfo.java:352)
<<<truncated>>>
Refer to the log for complete error details.
This happens because Groovy looks up sun.nio.fs.UnixPath, and for Groovy using NIO networking, file channel access is also prevented.
So I would love to see Groovy-related NIO additions to the ES security policy file.
Suggestion:
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.fs";
I can work around that with -Dsecurity.manager.enabled=false
but I'm not sure if that should be recommended.
Should I open an issue?
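
An added example, not part of the original post or of the Elasticsearch project: a small log triage script that extracts each "access denied" entry from a security manager stack trace, renders it as the matching policy line, and records the first non-JDK class that triggered the check, so every grant can be reviewed individually instead of disabling the security manager. The function names `triage` and `summarize` are hypothetical, and the sample log is constructed from a few frames of the trace above.

```python
import re

# Constructed sample: the denial from the post, cut down to the frames that matter.
SAMPLE_LOG = '''Exception in thread "main" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.nio.fs")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at java.lang.Class.getMethod(Class.java:1783)
at org.codehaus.groovy.reflection.stdclasses.CachedSAMClass.hasUsableImplementation(CachedSAMClass.java:130)
'''

# access denied ("<permission class>" "<name>" ["<actions>"])
DENIED = re.compile(r'access denied \("([^"]+)" "([^"]+)"(?: "([^"]+)")?\)')
# "at <fully.qualified.Class>.<method>(" ; the greedy group keeps the class name
FRAME = re.compile(r'^\s*at ([\w.$]+)\.[\w$<>]+\(')
JDK_PREFIXES = ("java.", "javax.", "sun.", "jdk.")

def triage(log_text):
    """Return one record per denial: policy line plus first non-JDK caller class."""
    records, current = [], None
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if denied:
            perm_class, name, actions = denied.groups()
            entry = f'permission {perm_class} "{name}"'
            if actions:
                entry += f', "{actions}"'
            current = {"policy_line": entry + ";", "caller": None}
            records.append(current)
            continue
        frame = FRAME.match(line)
        if frame and current and current["caller"] is None:
            # Skip JDK frames: they perform the check, they did not request access.
            if not frame.group(1).startswith(JDK_PREFIXES):
                current["caller"] = frame.group(1)
    return records

def summarize(records):
    """Group by policy line so each requested permission is reviewed once."""
    summary = {}
    for rec in records:
        summary.setdefault(rec["policy_line"], set()).add(rec["caller"])
    return summary

if __name__ == "__main__":
    for policy_line, callers in summarize(triage(SAMPLE_LOG)).items():
        print(policy_line, "<-", ", ".join(sorted(c or "unknown" for c in callers)))
```

A truncated trace, like the one above, may hide further callers, so the reported class is the nearest application frame rather than the full call path.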