I'm building a plugin for Elasticsearch and I have a need to call an external REST API. The current elasticsearch security policy is making this difficult. I get the following error:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:0" "listen, resolve")
Is there parameters that I can set in the elasticsearch.yaml so it can add my url and ports to the security policy?
Thanks for the assistance.
Dave
you have to allow your plugin those kind of calls, as the java security manager blocks them by default. Elasticsearch really tries to lock down any kind of access that would allow attackers to create a channel outside of the cluster.
You can add security exceptions to the src/main/plugin-metadata/plugin-security.policy file in your plugin.
You can just check out the elasticsearch source and take a look at all the plugin-security.policy files in there, i.e. https://github.com/elastic/elasticsearch/blob/master/core/src/main/resources/org/elasticsearch/bootstrap/security.policy (there are about a dozen, so take your time to look)
I added a plugin-security.policy file with the necessary permissions. I'm running 5.4.1 and the issues is still present.
In case you did not read it: https://www.elastic.co/guide/en/elasticsearch/plugins/current/plugin-authors.html#plugin-authors-jsm
Thank you for the assistance.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.