I want my plugin to load yaml file, but it threw java.security.AccessControlException
.
Log
org.yaml.snakeyaml.constructor.ConstructorException: Can't construct a java object for tag:yaml.org,2002:com.linkdoc.elasticsearch_dynamic_jieba.Config; exception=java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
in 'reader', line 1, column 1:
serviceEndpoint: "http://172.16. ...
^
at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:336) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:219) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:173) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:157) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:472) ~[snakeyaml-1.26.jar:?]
at org.yaml.snakeyaml.Yaml.load(Yaml.java:411) ~[snakeyaml-1.26.jar:?]
at com.linkdoc.elasticsearch_dynamic_jieba.Config.lambda$load$0(Config.java:46) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
at com.linkdoc.elasticsearch_dynamic_jieba.ClientSecurityManager.doPrivilegedException(ClientSecurityManager.java:14) ~[?:?]
at com.linkdoc.elasticsearch_dynamic_jieba.Config.load(Config.java:40) ~[?:?]
......
What I did:
Config config = null;
try (InputStream inputStream = new FileInputStream(configFile)) {
config = ClientSecurityManager.doPrivilegedException(() -> {
Representer representer = new Representer();
representer.getPropertyUtils().setSkipMissingProperties(true);
Constructor constructor = new CustomClassLoaderConstructor(Config.class, Config.class.getClassLoader());
Yaml yaml = new Yaml(constructor, representer);
return yaml.load(inputStream); // This line raises error
});
} catch (Exception e) {
logger.error(e);
}
ClientSecurityManager
class ClientSecurityManager {
static <T> T doPrivilegedException(PrivilegedExceptionAction<T> operation) throws Exception {
SpecialPermission.check();
try {
return AccessController.doPrivileged(operation);
} catch (PrivilegedActionException e) {
throw (Exception) e.getCause();
}
}
}
plugin-security.policy
grant {
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.net.SocketPermission "*", "accept,resolve,connect";
permission java.net.NetPermission "getProxySelector";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
Please someone helps.