Custom classic plugin plugin-security.policy - cannot access external REST

I have this in my plugin-security.policy:

```
grant {
  permission java.net.SocketPermission "*", "connect,resolve,accept,listen";
};
```

The file is "picked up" by the plugin installer, as it is warning me about other required permissions (which I eventually added).
When I run this processor in a pipeline, it is giving me this:

"""access denied ("java.net.SocketPermission" "control-plane-gateway-xxxxxx.dev:443" "connect,resolve

I've looked at all the policy files I could find in the code base. Nothing seems to work.
I have also tried to add permissions in code, but due to the deprecation warning, I gave up on that avenue.
Any helpful comments?

It's hard to debug without seeing your code, but the most likely cause is that you haven't wrapped your socket access in a doPrivileged block.

The rest of the ES codebase does not have socket permissions, so under Java's stack-based security model, your code cannot open a socket if it has been called by code that lacks permission to open sockets.

The builtin GeoIP module can be used as an example:

Thank you.
I came to the same conclusion.
I'll use the ClientBuilder and post the results.

Thanks for the hint.
I created an

```
InputStream post(String urlToGet, String method, String authorization, String content_type, String body, Map<String,String> parameters) throws IOException {
```

```
    InputStream get(String urlToGet) throws IOException {
        return doPrivileged(() -> {
```

in the HttpClient.java file from the GeoIP plugin.
Works.
Now if I can only get the plugin to read the config file with the REST security settings.
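
An added example, not code from this thread or from the GeoIP module, of the pattern discussed above: the outbound call runs inside `AccessController.doPrivileged`, so the permission check stops at the plugin's frame instead of walking into Elasticsearch core. The class name `PrivilegedHttp`, the `post` signature and the timeout values are assumptions, and the code presumes a matching `SocketPermission` grant in plugin-security.policy.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical plugin helper. A least-privilege grant for it names one host and omits accept/listen:
//   permission java.net.SocketPermission "control-plane-gateway-xxxxxx.dev:443", "connect,resolve";
final class PrivilegedHttp {
    // doPrivileged ends the permission stack walk at this frame, so callers further down
    // (Elasticsearch core, which has no SocketPermission) are not consulted.
    @SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
    static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws IOException {
        try {
            return AccessController.doPrivileged(action);
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) throw (IOException) cause;
            throw new IOException(cause);
        }
    }

    static byte[] post(String url, String authorization, String contentType, String body) throws IOException {
        // Validate and prepare outside the privileged block; only network I/O runs elevated.
        URL target = URI.create(url).toURL();
        if (!"https".equals(target.getProtocol())) throw new IOException("only https is allowed");
        byte[] payload = body.getBytes(StandardCharsets.UTF_8);
        return doPrivileged(() -> {
            HttpURLConnection conn = (HttpURLConnection) target.openConnection();
            try {
                conn.setRequestMethod("POST");
                conn.setDoOutput(true);
                conn.setConnectTimeout(5_000);  // assumed values
                conn.setReadTimeout(10_000);
                conn.setRequestProperty("Content-Type", contentType);
                if (authorization != null) conn.setRequestProperty("Authorization", authorization);
                try (OutputStream out = conn.getOutputStream()) { out.write(payload); }
                // Read the whole response here so no socket work happens after the block returns.
                try (InputStream in = conn.getInputStream()) { return in.readAllBytes(); }
            } finally {
                conn.disconnect();
            }
        });
    }
}
```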
