risdenk edited a comment on issue #1082: SOLR-13984: add (experimental, disabled by default) security manager support URL: https://github.com/apache/lucene-solr/pull/1082#issuecomment-565840002 Running into the follow exception when trying to create a default collection. I set `SOLR_SECURITY_MANAGER_ENABLED=true` in `./bin/solr.in.sh` and ran the following. ``` ./bin/solr start -c # ... ./bin/solr create -c gettingstarted WARNING: Using _default configset with data driven schema functionality. NOT RECOMMENDED for production use. To turn off: bin/solr config -c gettingstarted -p 8983 -action set-user-property -property update.autoCreateFields -value false ``` This shows up in the logging tab: ``` Uncaught exception org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") thrown by thread: OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr ``` Here is the full stacktrace from `server/logs/solr.log` ``` 2019-12-15 19:40:38.823 ERROR (OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr) [ ] o.a.s.c.u.ExecutorUtil Uncaught exception org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") thrown by thread: OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr => java.lang.Exception: Submitter stack trace at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.execute(ExecutorUtil.java:185) java.lang.Exception: Submitter stack trace at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.execute(ExecutorUtil.java:185) ~[?:?] at org.apache.solr.cloud.OverseerTaskProcessor.run(OverseerTaskProcessor.java:315) ~[?:?] at java.lang.Thread.run(Thread.java:834) [?:?] 2019-12-15 19:40:38.824 ERROR (OverseerThreadFactory-9-thread-1) [ ] o.a.z.s.NIOServerCnxnFactory Thread Thread[OverseerThreadFactory-9-thread-1,5,Overseer collection creation process.] died => org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:70) org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:70) ~[?:?] at org.apache.solr.cloud.OverseerTaskProcessor$Runner.run(OverseerTaskProcessor.java:521) ~[?:?] at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:210) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] at java.lang.Thread.run(Thread.java:834) [?:?] Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?] at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?] at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) ~[?:?] at jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174) ~[?:?] at java.lang.ClassLoader.loadClass(ClassLoader.java:575) ~[?:?] at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?] at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543) ~[jetty-webapp-9.4.24.v20191120.jar:9.4.24.v20191120] at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?] at jdk.internal.misc.Unsafe.defineClass0(Native Method) ~[?:?] at jdk.internal.misc.Unsafe.defineClass(Unsafe.java:1192) ~[?:?] at jdk.internal.reflect.ClassDefiner.defineClass(ClassDefiner.java:63) ~[?:?] at jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400) ~[?:?] at jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:394) ~[?:?] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393) ~[?:?] at jdk.internal.reflect.MethodAccessorGenerator.generateSerializationConstructor(MethodAccessorGenerator.java:112) ~[?:?] at jdk.internal.reflect.ReflectionFactory.generateConstructor(ReflectionFactory.java:514) ~[?:?] at jdk.internal.reflect.ReflectionFactory.newConstructorForSerialization(ReflectionFactory.java:506) ~[?:?] at java.io.ObjectStreamClass.getSerializableConstructor(ObjectStreamClass.java:1516) ~[?:?] at java.io.ObjectStreamClass$2.run(ObjectStreamClass.java:509) ~[?:?] at java.io.ObjectStreamClass$2.run(ObjectStreamClass.java:484) ~[?:?] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at java.io.ObjectStreamClass.<init>(ObjectStreamClass.java:484) ~[?:?] at java.io.ObjectStreamClass.lookup(ObjectStreamClass.java:381) ~[?:?] at java.io.ObjectStreamClass.<init>(ObjectStreamClass.java:480) ~[?:?] at java.io.ObjectStreamClass.lookup(ObjectStreamClass.java:381) ~[?:?] at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1135) ~[?:?] at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:349) ~[?:?] at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:67) ~[?:?] ... 5 more ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
