I am trying to upgrade to ElasticSearch 5.0.1. As part of this, I am trying to get the Finnish language analyzer plugin from https://bitbucket.org/evidentsolutions/elasticsearch-analysis-voikko/overview to work with it. I seem to have it otherwise working but the security manager issue mentioned also on that bitbucket URL is giving me some issues. Explain:
I have put the "plugin-security.policy" file in the directory with the rest of the plugin files. Everything else for the plugin seems to be loading fine but the security manager keeps throwing exceptions such as:
java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/lib/liblibvoikko.so.1.dylib" "read")
the plugin-security.policy has the line
permission java.io.FilePermission "/usr/lib/liblibvoikko.so.1.dylib", "read";
and I invoke the part of the library that leads to trying to access this file with an AccessController.doPrivileged() block.
I am not sure if the plugin policy file is loaded or not, as I do not see any complaints about it on the console. I understood that there would be some message to accept for plugins that ask for extra permissions. So maybe it is not correctly configured even, but I did not find a good way to check. In any case, it is in the same dir as the plugin-descriptor.properties file which loads fine
So again, on the bitbucket page for the plugin there is mention that this has also been an issue for versions 2.X and would be due to the ElasticSearch jars already including JNA and thus not being able to package it with the plugin, which leads to the security policy not being applied to JNA as it is not in the scope of the plugin. The workaround suggested for 2.X was to disable security manager but in 5.X this is no longer supported.
So I finally managed to get it to work by putting all the permissions needed into the JRE java.policy file. After this it seems to work just fine. But I feel this is slightly naughty, and also a bit of work every time. So is there any alternative to fix this to get security policies to work with JNA? Give the policy file as parameter to ES start script? Get the plugin policy file accepted somehow? Anything.. ?