Merge branch 'master' into feature/multi_cluster_search
This commit is contained in:
Simon Willnauer
commit
3f784a4424
|
|
@ -85,12 +85,6 @@ import java.util.Map;
|
|||
* cleanups to the scripting apis). But still it can provide some defense for users
|
||||
* that enable dynamic scripting without being fully aware of the consequences.
|
||||
* <br>
|
||||
* <h1>Disabling Security</h1>
|
||||
* SecurityManager can be disabled completely with this setting:
|
||||
* <pre>
|
||||
* es.security.manager.enabled = false
|
||||
* </pre>
|
||||
* <br>
|
||||
* <h1>Debugging Security</h1>
|
||||
* A good place to start when there is a problem is to turn on security debugging:
|
||||
* <pre>
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ public class MetaDataDeleteIndexService extends AbstractComponent {
|
|||
final int previousGraveyardSize = graveyardBuilder.tombstones().size();
|
||||
for (final Index index : indices) {
|
||||
String indexName = index.getName();
|
||||
logger.debug("[{}] deleting index", index);
|
||||
logger.info("{} deleting index", index);
|
||||
routingTableBuilder.remove(indexName);
|
||||
clusterBlocksBuilder.removeIndexBlocks(indexName);
|
||||
metaDataBuilder.remove(indexName);
|
||||
|
|
|
|||
|
|
@ -141,46 +141,6 @@ public class EvilLoggerTests extends ESTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
public void testLog4jShutdownHack() {
|
||||
final AtomicBoolean denied = new AtomicBoolean();
|
||||
final SecurityManager sm = System.getSecurityManager();
|
||||
try {
|
||||
System.setSecurityManager(new SecurityManager() {
|
||||
@Override
|
||||
public void checkPermission(Permission perm) {
|
||||
// just grant all permissions to Log4j, except we deny MBeanServerPermission
|
||||
// "createMBeanServer" as this will trigger the Log4j bug
|
||||
if (perm instanceof MBeanServerPermission && "createMBeanServer".equals(perm.getName())) {
|
||||
// without the hack in place, Log4j will try to get an MBean server which we will deny
|
||||
// with the hack in place, this permission should never be requested by Log4j
|
||||
denied.set(true);
|
||||
throw new AccessControlException("denied");
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkPropertyAccess(String key) {
|
||||
/*
|
||||
* grant access to all properties; this is so that Log4j can check if its usage
|
||||
* of JMX is disabled or not by reading log4j2.disable.jmx but there are other
|
||||
* properties that Log4j will try to read as well and its simpler to just grant
|
||||
* them all
|
||||
*/
|
||||
}
|
||||
});
|
||||
|
||||
// this will trigger the bug without the hack
|
||||
LoggerContext context = (LoggerContext) LogManager.getContext(false);
|
||||
Configurator.shutdown(context);
|
||||
|
||||
// Log4j should have never requested permissions to create an MBean server
|
||||
assertFalse(denied.get());
|
||||
} finally {
|
||||
System.setSecurityManager(sm);
|
||||
}
|
||||
}
|
||||
|
||||
private void setupLogging(final String config) throws IOException, UserException {
|
||||
final Path configDir = getDataPath(config);
|
||||
// need to set custom path.conf so we can use a custom log4j2.properties file for the test
|
||||
|
|
|
|||
|
|
@ -1605,7 +1605,7 @@ public abstract class AbstractSimpleTransportTestCase extends ESTestCase {
|
|||
latch.await();
|
||||
serviceA.removeConnectionListener(waitForConnection);
|
||||
serviceB.removeConnectionListener(waitForConnection);
|
||||
serviceB.removeConnectionListener(waitForConnection);
|
||||
serviceC.removeConnectionListener(waitForConnection);
|
||||
|
||||
|
||||
Map<TransportService, DiscoveryNode> toNodeMap = new HashMap<>();
|
||||
|
|
|
|||
Loading…
Reference in New Issue