Hi,
I am trying to develop plugin for elasticsearch 5.2.2.
The idea of the plugin is to listen to a JMS queue then create a document based on the received message from the queue. It will use the Client
object passed by Plugin.createComponents
method, so it can index documents.
I can not make this work right now because I am having problem with java.security.AccessControlException
. I have the following permissions inside my plugin-security.policy
.
grant {
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission org.elasticsearch.ThreadPermission "modifyArbitraryThreadGroup";
permission org.elasticsearch.ThreadPermission "modifyArbitraryThread";
};
And I am calling the indexing operation via AccessController.doPrivileged
:
private Client client;
public void onMessage(Message messge) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
//perform indexing using the client.
});
}
But still, I am getting an error on java.security.AccessControlException
:
org.elasticsearch.transport.RemoteTransportException: [wWaQrVv][127.0.0.1:8300][indices:data/write/index[p]]
Caused by: java.security.AccessControlException: access denied ("org.elasticsearch.ThreadPermission" "modifyArbitraryThreadGroup")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_112]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_112]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_112]
at org.elasticsearch.SecureSM.checkThreadGroupAccess(SecureSM.java:194) ~[securesm-1.1.jar:5.2.2]
at org.elasticsearch.SecureSM.checkAccess(SecureSM.java:141) ~[securesm-1.1.jar:5.2.2]
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315) ~[?:1.8.0_112]
at java.lang.Thread.init(Thread.java:391) ~[?:1.8.0_112]
at java.lang.Thread.init(Thread.java:349) ~[?:1.8.0_112]
at java.lang.Thread.<init>(Thread.java:675) ~[?:1.8.0_112]
at org.elasticsearch.common.util.concurrent.EsExecutors$EsThreadFactory.newThread(EsExecutors.java:173) ~[elasticsearch-5.2.2.jar:5.2.2]
at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:612) ~[?:1.8.0_112]
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:925) ~[?:1.8.0_112]
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1357) ~[?:1.8.0_112]
at org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor.doExecute(EsThreadPoolExecutor.java:94) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor.execute(EsThreadPoolExecutor.java:89) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService.sendLocalRequest(TransportService.java:606) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService.access$000(TransportService.java:72) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService$3.sendRequest(TransportService.java:131) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService.sendRequestInternal(TransportService.java:554) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService.sendRequest(TransportService.java:485) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.transport.TransportService.sendRequest(TransportService.java:473) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase.performAction(TransportReplicationAction.java:727) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase.performLocalAction(TransportReplicationAction.java:646) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase.doRun(TransportReplicationAction.java:634) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.replication.TransportReplicationAction.doExecute(TransportReplicationAction.java:146) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.index.TransportIndexAction.innerExecute(TransportIndexAction.java:156) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.index.TransportIndexAction.doExecute(TransportIndexAction.java:136) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.index.TransportIndexAction.doExecute(TransportIndexAction.java:68) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:173) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:145) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:87) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:75) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:64) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403) [elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.client.support.AbstractClient.index(AbstractClient.java:415) [elasticsearch-5.2.2.jar:5.2.2]
...
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_112]