Custom X-PACK realm policy issue

I applied everything I needed to do but still get access denied ("java.lang.RuntimePermission" "accessDeclaredMembers").

Code:

    AccessController.doPrivileged((PrivilegedAction<User>) () -> {
        if (null != auth(actualUser, new String(token.credentials().copyChars()))) {
            return new User(actualUser, new String[] {"superuser"});
        }
        return null;
    });

In the auth method, the problem is caused by the following code:

    ObjectMapper mapper = new ObjectMapper();
    AuthResult authResult = mapper.readValue(response.toString(), AuthResult.class);

My x-pack-extension-security.policy:

    grant {
        // needed because of problems in unbound LDAP library
        permission java.util.PropertyPermission "*", "read,write";

        // required to configure the custom mailcap for watcher
        permission java.lang.RuntimePermission "setFactory";

        // needed when sending emails for javax.activation
        // otherwise a classnotfound exception is thrown due to trying
        // to load the class with the application class loader
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.lang.RuntimePermission "getClassLoader";
        // TODO: remove use of this jar as soon as possible!!!!
        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.activation.registries";

        // bouncy castle
        permission java.security.SecurityPermission "putProviderProperty.BC";

        // needed for x-pack security extension
        permission java.security.SecurityPermission "createPolicy.JavaPolicy";
        permission java.security.SecurityPermission "getPolicy";
        permission java.security.SecurityPermission "setPolicy";

        // Netty SelectorUtil wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
        // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
        permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";

        // needed for multiple server implementations used in tests
        permission java.net.SocketPermission "*", "accept,connect";

        permission java.io.FilePermission "<<ALL FILES>>", "read,execute,readlink";
        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
    };

Don't know why this happened.

I suggest trying to remove all of the other lines from that file. Those permissions should be unnecessary for your custom extension. Also, can you post the full stack trace?