diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index 6caa645b988..4741dc93291 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java @@ -68,8 +68,8 @@ final class Security { private static final Map SPECIAL_JARS; static { Map m = new IdentityHashMap<>(); - m.put(Pattern.compile(".*lucene-core-.*\\.jar$"), "es.security.lucene.core.jar"); - m.put(Pattern.compile(".*jsr166e-.*\\.jar$"), "es.security.twitter.jsr166e.jar"); + m.put(Pattern.compile(".*lucene-core-.*\\.jar$"), "es.security.jar.lucene.core"); + m.put(Pattern.compile(".*jsr166e-.*\\.jar$"), "es.security.jar.twitter.jsr166e"); SPECIAL_JARS = Collections.unmodifiableMap(m); } @@ -95,7 +95,7 @@ final class Security { } for (String prop : SPECIAL_JARS.values()) { if (System.getProperty(prop) == null) { - throw new IllegalStateException("property: " + prop + " was never set"); + System.setProperty(prop, "/dev/null"); // no chance to be interpreted as "all" } } } else { diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy index 85fab5f5b17..6e550e0d165 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -31,12 +31,12 @@ grant codeBase "file:${{java.ext.dirs}}/*" { //// Very special jar permissions: //// These are dangerous permissions that we don't want to grant to everything. -grant codeBase "${es.security.lucene.core.jar}" { +grant codeBase "${es.security.jar.lucene.core}" { // needed to allow MMapDirectory's "unmap hack" permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; }; -grant codeBase "${es.security.twitter.jsr166e.jar}" { +grant codeBase "${es.security.jar.twitter.jsr166e}" { // needed for LongAdder etc // TODO: remove this in java 8! permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; @@ -113,7 +113,8 @@ grant { // needed by JDKESLoggerTests permission java.util.logging.LoggingPermission "control"; - // needed by Mockito + // needed by Mockito to create mocks + // TODO: create simple securemock wrapper and only grant to that. permission java.lang.RuntimePermission "reflectionFactoryAccess"; // needed to install SSLFactories, advanced SSL configuration, etc.