risdenk edited a comment on issue #1082: SOLR-13984: add (experimental, disabled by default) security manager support
URL: https://github.com/apache/lucene-solr/pull/1082#issuecomment-565840002
 
 
   Running into the following exception when trying to create a default collection. I set `SOLR_SECURITY_MANAGER_ENABLED=true` in `./bin/solr.in.sh` and ran the following.
   
   ```
   ./bin/solr start -c
   # ...
   ./bin/solr create -c gettingstarted
   WARNING: Using _default configset with data driven schema functionality. NOT RECOMMENDED for production use.
            To turn off: bin/solr config -c gettingstarted -p 8983 -action set-user-property -property update.autoCreateFields -value false
   ```
   
   This shows up in the logging tab:
   ```
   Uncaught exception org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") thrown by thread: OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr
   ```
   
   Here is the full stacktrace from `server/logs/solr.log`
   
   ```
   2019-12-15 19:40:38.823 ERROR (OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr) [   ] o.a.s.c.u.ExecutorUtil Uncaught exception org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") thrown by thread: OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr => java.lang.Exception: Submitter stack trace
        at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.execute(ExecutorUtil.java:185)
   java.lang.Exception: Submitter stack trace
        at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.execute(ExecutorUtil.java:185) ~[?:?]
        at org.apache.solr.cloud.OverseerTaskProcessor.run(OverseerTaskProcessor.java:315) ~[?:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
   2019-12-15 19:40:38.824 ERROR (OverseerThreadFactory-9-thread-1) [   ] o.a.z.s.NIOServerCnxnFactory Thread Thread[OverseerThreadFactory-9-thread-1,5,Overseer collection creation process.] died => org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
        at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:70)
   org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
        at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:70) ~[?:?]
        at org.apache.solr.cloud.OverseerTaskProcessor$Runner.run(OverseerTaskProcessor.java:521) ~[?:?]
        at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:210) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
   Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
        at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) ~[?:?]
        at jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174) ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:575) ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
        at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543) ~[jetty-webapp-9.4.24.v20191120.jar:9.4.24.v20191120]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
        at jdk.internal.misc.Unsafe.defineClass0(Native Method) ~[?:?]
        at jdk.internal.misc.Unsafe.defineClass(Unsafe.java:1192) ~[?:?]
        at jdk.internal.reflect.ClassDefiner.defineClass(ClassDefiner.java:63) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:394) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator.generateSerializationConstructor(MethodAccessorGenerator.java:112) ~[?:?]
        at jdk.internal.reflect.ReflectionFactory.generateConstructor(ReflectionFactory.java:514) ~[?:?]
        at jdk.internal.reflect.ReflectionFactory.newConstructorForSerialization(ReflectionFactory.java:506) ~[?:?]
        at java.io.ObjectStreamClass.getSerializableConstructor(ObjectStreamClass.java:1516) ~[?:?]
        at java.io.ObjectStreamClass$2.run(ObjectStreamClass.java:509) ~[?:?]
        at java.io.ObjectStreamClass$2.run(ObjectStreamClass.java:484) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at java.io.ObjectStreamClass.<init>(ObjectStreamClass.java:484) ~[?:?]
        at java.io.ObjectStreamClass.lookup(ObjectStreamClass.java:381) ~[?:?]
        at java.io.ObjectStreamClass.<init>(ObjectStreamClass.java:480) ~[?:?]
        at java.io.ObjectStreamClass.lookup(ObjectStreamClass.java:381) ~[?:?]
        at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1135) ~[?:?]
        at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:349) ~[?:?]
        at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:67) ~[?:?]
        ... 5 more
   ```
   
   Similar exception happens if you use the cloud example:
   
   `./bin/solr start -e cloud -noprompt`
   
   This is just a quick snippet from the log.
   
   ```
   grep -rnF 'access denied' example/cloud/node*/logs/*
   example/cloud/node1/logs/solr.log:178:2019-12-15 19:45:03.481 ERROR (OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr) [   ] o.a.s.c.u.ExecutorUtil Uncaught exception org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect") thrown by thread: OverseerThreadFactory-9-thread-1-processing-n:192.168.1.124:8983_solr => java.lang.Exception: Submitter stack trace
   example/cloud/node1/logs/solr.log:184:2019-12-15 19:45:03.482 ERROR (OverseerThreadFactory-9-thread-1) [   ] o.a.z.s.NIOServerCnxnFactory Thread Thread[OverseerThreadFactory-9-thread-1,5,Overseer collection creation process.] died => org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
   example/cloud/node1/logs/solr.log:186:org.apache.solr.common.SolrException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
   example/cloud/node1/logs/solr.log:193:Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
   ```
   
   All in all - shows the security manager is enabled. I haven't tried on 
Windows yet but progress.

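Added example, not part of the comment above and not code from the Solr project: a triage helper for the kind of trace posted there. Java's stack-based permission check stops at the caller of the nearest `AccessController.doPrivileged`, so only the frames above that point took part in the denied check. The names `sample_trace` and `checked_frames` are hypothetical, the sample is the posted trace unwrapped and abridged, and the helper assumes the JDK 11 layout in which the frame printed right after `doPrivileged` is its caller.

```shell
#!/usr/bin/env bash
# Constructed sample: the "Caused by" part of the posted trace, unwrapped and abridged.
sample_trace() {
  cat <<'EOF'
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
        at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) ~[?:?]
        at jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174) ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:575) ~[?:?]
        at org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543) ~[jetty-webapp-9.4.24.v20191120.jar:9.4.24.v20191120]
        at jdk.internal.misc.Unsafe.defineClass0(Native Method) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator$1.run(MethodAccessorGenerator.java:400) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at jdk.internal.reflect.MethodAccessorGenerator.generate(MethodAccessorGenerator.java:393) ~[?:?]
        at java.io.ObjectStreamClass.getSerializableConstructor(ObjectStreamClass.java:1516) ~[?:?]
        at org.apache.solr.client.solrj.SolrResponse.serializable(SolrResponse.java:67) ~[?:?]
        ... 5 more
EOF
}

# checked_frames [FILE...]  (hypothetical helper; reads stdin when no file is given)
# For every "Caused by: ... access denied (...)" block, print the denied
# permission and then the frames that took part in the check: from the top of
# the stack down to and including the caller of the nearest doPrivileged.
# Frames outside java.*, jdk.* and sun.* are flagged with "*": code loaded from
# application or library jars rather than from the JDK.
checked_frames() {
  awk '
    /Caused by: .*access denied \(/ {
      sub(/^.*access denied /, "denied "); print
      active = 1; last = 0; next
    }
    active && /^[ \t]*at / {
      frame = $2; sub(/\(.*/, "", frame)
      mark = (frame ~ /^(java|jdk|sun)\./) ? " " : "*"
      print " " mark " " frame
      if (last) active = 0   # this frame called doPrivileged: the walk ends here
      last = (frame == "java.security.AccessController.doPrivileged")
      next
    }
    { active = 0 }
  ' "$@"
}

sample_trace | checked_frames
```

On a real node the same function can be pointed at `server/logs/solr.log` or `example/cloud/node*/logs/solr.log`.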