I'l writing a plugin that calls Jackson to deserialize a json string into a Java object. I understand that in ES 5+ access is pretty much locked down. So is there a way to enable Jackson to do its thing? I'm getting this when submitting a doc:
Just to clarify that I have tried to grant that in plugin's plugin-security.policy file and when installing the plugin I did see the warning, but still it doesn't seem to work ...
from bin/elasticsearch-plugin install:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessDeclaredMembers
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
// ES permission you should check before doPrivileged() blocks
import org.elasticsearch.SpecialPermission;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// unprivileged code such as scripts do not have SpecialPermission
sm.checkPermission(new SpecialPermission());
}
AccessController.doPrivileged(
// sensitive operation
);
I just found my problem where I missed ReflectPermission and didn't paid close attention to the error message.
Btw, do you know how to deal with conflicting versions of jackson-core (mine is from a dependency jar which is older than ES's)? Is shading mine the only answer?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.