Plugin failed to load YAML file due to java.security.AccessControlException

I want my plugin to load yaml file, but it threw java.security.AccessControlException.

Log

org.yaml.snakeyaml.constructor.ConstructorException: Can't construct a java object for tag:yaml.org,2002:com.linkdoc.elasticsearch_dynamic_jieba.Config; exception=java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
 in 'reader', line 1, column 1:
    serviceEndpoint: "http://172.16. ...
    ^

	at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:336) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:219) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:173) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:157) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:472) ~[snakeyaml-1.26.jar:?]
	at org.yaml.snakeyaml.Yaml.load(Yaml.java:411) ~[snakeyaml-1.26.jar:?]
	at com.linkdoc.elasticsearch_dynamic_jieba.Config.lambda$load$0(Config.java:46) ~[?:?]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
	at com.linkdoc.elasticsearch_dynamic_jieba.ClientSecurityManager.doPrivilegedException(ClientSecurityManager.java:14) ~[?:?]
	at com.linkdoc.elasticsearch_dynamic_jieba.Config.load(Config.java:40) ~[?:?]
......

What I did:

    Config config = null;
    try (InputStream inputStream = new FileInputStream(configFile)) {
        config = ClientSecurityManager.doPrivilegedException(() -> {
            Representer representer = new Representer();
            representer.getPropertyUtils().setSkipMissingProperties(true);
            Constructor constructor = new CustomClassLoaderConstructor(Config.class, Config.class.getClassLoader());
            Yaml yaml = new Yaml(constructor, representer);

            return yaml.load(inputStream); // This line raises error
        });
    } catch (Exception e) {
        logger.error(e);
    }

ClientSecurityManager

class ClientSecurityManager {

    static <T> T doPrivilegedException(PrivilegedExceptionAction<T> operation) throws Exception {
        SpecialPermission.check();
        try {
            return AccessController.doPrivileged(operation);
        } catch (PrivilegedActionException e) {
            throw (Exception) e.getCause();
        }
    }
}

plugin-security.policy

grant {
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.net.SocketPermission "*", "accept,resolve,connect";
    permission java.net.NetPermission "getProxySelector";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

Please someone helps.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.