Getting java.security.AccessControlException error on service startup

The specific error is:
Getting java.security.AccessControlException: access denied ("java.io.FilePermission" "D:\ELK\appdynamics\conf\SAPPLOG01\processPersistenceFile.ser" "read") error

I've installed an APM agent in my Elasticsearch instance and have a parameter in my jvm.options file to start it up on Elasticsearch startup. The issue that I am running into is the error that I've specified above. I've searched the documentation for Elasticsearch configuration but can't find anything that references when Elasticsearch needs to access anything outside of it's directory structure.

What am I missing here?

TIA,
Bill Youngman

You have to grant an additional security manager permission to Elasticsearch, as Elasticsearch restricts itself to only read a limited set of paths. Note that doing so is at your own risk.

New at this - how would I do that?

Thanks

You can create a custom policy file and add the grant permission java.io.FilePermission "D:\ELK\appdynamics\conf\SAPPLOG01\processPersistenceFile.ser", "read" to that policy file.

I want to be clear about two things here:

  • you're in your own territory here as far as the security risks here
  • we do not support Elasticsearch with agents like this attached

Jason,

Our ELK stack is located in an internal domain that you have to be a member of in order to get access to the system so if you haven't been added to that domain group you can't access anything in it.

Understood about the agent support or not supporting. I tried to make the pitch to use your APM but our Technical Director went off and in a silo selected this system without consulting anybody or getting feedback so we're stuck with it.

Thanks,
Bill

Jason,

I was able to get a custom security .policy configuration up and running so I'm going to mark this thread as solved.

But as i stated earlier once we get approval to expand our ELK stack we'll be moving the apm into the Elasticsearch environment.

Thanks,
Bill

Great news, on both fronts, that you’re running for now, and aiming to move to Elastic APM.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.