I add some files in “modules/transport-netty4”, and use a thrid party jar as dependency. When I start up elasticsearch, it failed, and error message shows in log file:
So I modify "plugin-security.policy" in "modules/transport-netty4" (The thrid party jar also in this directory):
grant {
permission Java.io.FilePermission "/opt/dap_security/application.properties", "read";
};
But it does not work, error message still exists.
I want to know how to make java security policy files useful? Or other ways to solve the above problem?
I'm not sure, but I believe the idea is to stick configuration files under /etc/elasticsearch where we already have the right to read them. I think symlinks are respected but haven't tried it in a few years and am kind of going from memory here. But I'm sure that changing the contents of the jars is going to be a maintenance nightmare.
Dropping additional jars into a plugin or module is unsupported. Additionally, modifying the security policy of any part of elasticsearch won't work, as permissions alone will not solve the problem: there must be an associated code change to make use of the granted permission.
Can you please explain what you are trying to do with this additional jar and we can help you find a better way to achieve the goal?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.