diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle index 6177348c490..f3dbd004d1b 100644 --- a/elasticsearch/x-pack/build.gradle +++ b/elasticsearch/x-pack/build.gradle @@ -33,7 +33,6 @@ dependencies { compile 'com.google.guava:guava:16.0.1' // needed by watcher and shield tests for jimfs compile 'com.google.code.findbugs:jsr305:3.0.1' // TODO: remove this compile 'com.sun.mail:javax.mail:1.5.3' - compile 'javax.activation:activation:1.1.1' testCompile 'org.subethamail:subethasmtp:3.1.7' // common test deps diff --git a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy index 1195dcbd196..9d28ff039ef 100644 --- a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy +++ b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy @@ -4,4 +4,11 @@ grant { // needed to set expert SSL options, etc permission java.lang.RuntimePermission "setFactory"; + + // needed when sending emails for javax.activation + // otherwise a classnotfound exception is thrown due to trying + // to load the class with the application class loader + permission java.lang.RuntimePermission "setContextClassLoader"; + permission java.lang.RuntimePermission "getClassLoader"; + }; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/Account.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/Account.java index 0d11598da76..421fb8e3ce8 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/Account.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/Account.java @@ -99,6 +99,7 @@ public class Account { } transport.connect(config.smtp.host, config.smtp.port, user, password); + ClassLoader contextClassLoader = null; try { MimeMessage message = profile.toMimeMessage(email, session); String mid = message.getMessageID(); @@ -108,6 +109,17 @@ public class Account { // we need to add it back message.setHeader(Profile.MESSAGE_ID_HEADER, mid); } + + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + // unprivileged code such as scripts do not have SpecialPermission + sm.checkPermission(new SpecialPermission()); + } + contextClassLoader = AccessController.doPrivileged((PrivilegedAction) () -> Thread.currentThread().getContextClassLoader()); + // if we cannot get the context class loader, changing does not make sense, as we run into the danger of not being able to change it back + if (contextClassLoader != null) { + setContextClassLoader(this.getClass().getClassLoader()); + } transport.sendMessage(message, message.getAllRecipients()); } finally { try { @@ -115,10 +127,25 @@ public class Account { } catch (MessagingException me) { logger.error("failed to close email transport for account [" + config.name + "]"); } + if (contextClassLoader != null) { + setContextClassLoader(contextClassLoader); + } } return email; } + private void setContextClassLoader(final ClassLoader classLoader) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + // unprivileged code such as scripts do not have SpecialPermission + sm.checkPermission(new SpecialPermission()); + } + AccessController.doPrivileged((PrivilegedAction) () -> { + Thread.currentThread().setContextClassLoader(classLoader); + return null; + }); + } + static class Config { static final String SMTP_SETTINGS_PREFIX = "mail.smtp.";