Hello there,
I've attempted to author a custom realm as a fat JAR. When installing it I get the following JarHell error:
[root@iel-dev-tfsr-vm1 x-pack]# ./extension install file:///home/tango/john/ims-realm-1.0.0-SNAPSHOT.zip
-> Downloading file:///home/tango/john/ims-realm-1.0.0-SNAPSHOT.zip
Exception in thread "main" java.lang.IllegalStateException: jar hell!
class: org.apache.commons.logging.impl.AvalonLogger
jar1: /usr/share/elasticsearch/plugins/x-pack/commons-logging-1.1.3.jar
jar2: /usr/share/elasticsearch/plugins/x-pack/extensions/.installing-1737085689021563353/ims-realm-1.0.0-SNAPSHOT.jar
at org.elasticsearch.bootstrap.JarHell.checkClass(JarHell.java:277)
at org.elasticsearch.bootstrap.JarHell.checkJarHell(JarHell.java:187)
at org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.jarHellCheck(InstallXPackExtensionCommand.java:197)
at org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.verify(InstallXPackExtensionCommand.java:169)
at org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.install(InstallXPackExtensionCommand.java:207)
at org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.execute(InstallXPackExtensionCommand.java:116)
at org.elasticsearch.xpack.extensions.InstallXPackExtensionCommand.execute(InstallXPackExtensionCommand.java:102)
at org.elasticsearch.cli.SettingCommand.execute(SettingCommand.java:54)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:69)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122)
at org.elasticsearch.cli.Command.main(Command.java:88)
at org.elasticsearch.xpack.extensions.XPackExtensionCli.main(XPackExtensionCli.java:36)
Do you know how to trouble-shoot or track down the offending dependency? I have quite a few dependencies:
Thank you Tim - I've followed your guidance and have successfully installed my custom realm.
My custom realm attempts to authenticate against an external system by sending a HTTP request to that system. On initialization it attempts to create the HTTP client. However, I'm receiving a permissions problem:
Caused by: java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_92]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_92]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_92]
at java.net.ProxySelector.getDefault(ProxySelector.java:94) ~[?:1.8.0_92]
at org.apache.http.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:1147) ~[?:?]
at org.apache.http.impl.client.HttpClients.createSystem(HttpClients.java:66) ~[?:?]
at org.springframework.http.client.HttpComponentsClientHttpRequestFactory.(HttpComponentsClientHttpRequestFactory.java:88) ~[?:?]
at org.springframework.http.client.HttpComponentsAsyncClientHttpRequestFactory.(HttpComponentsAsyncClientHttpRequestFactory.java:67) ~[?:?]
at com.tango.common.mvc.client.AsyncClient.(AsyncClient.java:61) ~[?:?]
at com.tango.common.mvc.client.AsyncClient.(AsyncClient.java:45) ~[?:?]
at com.tango.common.mvc.client.AsyncClient$Builder.build(AsyncClient.java:267) ~[?:?]
at com.tango.xpack.realm.IMSRealm.(IMSRealm.java:67) ~[?:?]
at com.tango.xpack.realm.IMSRealmFactory.create(IMSRealmFactory.java:19) ~[?:?]
at com.tango.xpack.realm.IMSRealmFactory.create(IMSRealmFactory.java:11) ~[?:?]
at org.elasticsearch.xpack.security.authc.Realms.initRealms(Realms.java:182) ~[?:?]
at org.elasticsearch.xpack.security.authc.Realms.doStart(Realms.java:82) ~[?:?]
at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69) ~[elasticsearch-5.1.2.jar:5.1.2]
at java.util.ArrayList.forEach(ArrayList.java:1249) ~[?:1.8.0_92]
at java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1080) ~[?:1.8.0_92]
at org.elasticsearch.node.Node.start(Node.java:542) ~[elasticsearch-5.1.2.jar:5.1.2]
at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:234) ~[elasticsearch-5.1.2.jar:5.1.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:308) ~[elasticsearch-5.1.2.jar:5.1.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-5.1.2.jar:5.1.2]
I attempted to add a plugin-security.policy file on my classpath with the following grant -
permission java.net.NetPermission "*";
However, I get the same result? Any ideas how to resolve this one?
I followed the steps suggested there. Unfortunately, though it doesn't seem to be picking up the permission I specified in x-pack-extension-security.policy. I add code like:
if(sm != null) {
sm.checkPermission(new NetworkPermission("getProxySelector"));
}
AccessController.doPrivileged((PrivilegedAction) () -> {
final AsyncClient asyncClient = new AsyncClient.Builder()
.withConnectionTimeout(connectionTimeout).withSocketTimeout(socketTimeout)
.withMaxConnections(maxConnections).withMaxConnectionsPerHost(maxConnectionsPerHost).build();
this.imsClient = new IMSClient("http://localhost", Optional.of(asyncClient), imsCacheSize, imsCacheExpiryInMinutes);
return null;
});
However, the checkPermission is saying I don't have permission even after the I okayed the permissions when installing the custom realm plugin and the .policy file is present
[root@iel-dev-tfsr-vm1 tango-ims-realm]# pwd
/usr/share/elasticsearch/plugins/x-pack/extensions/tango-ims-realm
[root@iel-dev-tfsr-vm1 tango-ims-realm]# ls
ims-realm-1.0.0-SNAPSHOT.jar x-pack-extension-descriptor.properties x-pack-extension-security.policy
Thanks for your response.
The contents of my x-pack-extension-descriptor.properties:
description=Tango IMS Realm Extension
version=1.0.0-SNAPSHOT
name=tango-ims-realm
classname=com.tango.xpack.IMSRealmExtension
java.version=1.8
xpack.version=5.1.2
The contents of my x-pack-extension-security.policy:
grant {
permission java.net.NetPermission "getProxySelector";
};
I'm building my fat JAR with maven assembly plugin.
Then when attempting to install I do the following:
[root@iel-dev-tfsr-vm1 x-pack]# ./extension remove tango-ims-realm
-> Removing tango-ims-realm...
[root@iel-dev-tfsr-vm1 x-pack]# ./extension install file:///home/tango/john/tango-ims-realm-1.0.0-SNAPSHOT.zip
-> Downloading file:///home/tango/john/tango-ims-realm-1.0.0-SNAPSHOT.zip
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: x-pack extension requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.