Security Policy: AccessControlException


(David Neitz) #1

I'm building a plugin for Elasticsearch and I have a need to call an external REST API. The current elasticsearch security policy is making this difficult. I get the following error:

java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:0" "listen, resolve")

Is there parameters that I can set in the elasticsearch.yaml so it can add my url and ports to the security policy?

Thanks for the assistance.

Dave


(Alexander Reelsen) #2

you have to allow your plugin those kind of calls, as the java security manager blocks them by default. Elasticsearch really tries to lock down any kind of access that would allow attackers to create a channel outside of the cluster.

You can add security exceptions to the src/main/plugin-metadata/plugin-security.policy file in your plugin.

You can just check out the elasticsearch source and take a look at all the plugin-security.policy files in there, i.e. https://github.com/elastic/elasticsearch/blob/master/core/src/main/resources/org/elasticsearch/bootstrap/security.policy (there are about a dozen, so take your time to look)


(David Neitz) #3

I added a plugin-security.policy file with the necessary permissions. I'm running 5.4.1 and the issues is still present.


(David Pilato) #4

In case you did not read it: https://www.elastic.co/guide/en/elasticsearch/plugins/current/plugin-authors.html#plugin-authors-jsm


(David Neitz) #5

Thank you for the assistance.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.