honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove nasty permission (hack way but works) 

improving...
This commit is contained in:
Robert Muir 2015-06-27 01:28:13 -04:00
parent 641566d70c
commit 8d04bee8af
2 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/src/main/java/org/elasticsearch/bootstrap/Security.java
View File

@ -68,8 +68,11 @@ final class Security {
private static final Map<Pattern,String> SPECIAL_JARS;
static {
Map<Pattern,String> m = new IdentityHashMap<>();
m.put(Pattern.compile(".*lucene-core-.*\\.jar$"), "es.security.jar.lucene.core");
m.put(Pattern.compile(".*jsr166e-.*\\.jar$"), "es.security.jar.twitter.jsr166e");
m.put(Pattern.compile(".*lucene-core-.*\\.jar$"), "es.security.jar.lucene.core");
m.put(Pattern.compile(".*jsr166e-.*\\.jar$"), "es.security.jar.twitter.jsr166e");
m.put(Pattern.compile(".*securemock-.*\\.jar$"), "es.security.jar.elasticsearch.securemock");
m.put(Pattern.compile(".*mockito-core-.*\\.jar$"), "es.security.jar.mockito.core");
m.put(Pattern.compile(".*objenesis-.*\\.jar$"), "es.security.jar.objenesis");
SPECIAL_JARS = Collections.unmodifiableMap(m);
}

15
core/src/main/resources/org/elasticsearch/bootstrap/security.policy
View File

@ -42,6 +42,17 @@ grant codeBase "${es.security.jar.twitter.jsr166e}" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
// the following three jars all conspire to support creation of mocks
grant codeBase "${es.security.jar.elasticsearch.securemock}" {
permission java.lang.RuntimePermission "reflectionFactoryAccess";
};
grant codeBase "${es.security.jar.mockito.core}" {
permission java.lang.RuntimePermission "reflectionFactoryAccess";
};
grant codeBase "${es.security.jar.objenesis}" {
permission java.lang.RuntimePermission "reflectionFactoryAccess";
};
//// Everything else:
grant {
@ -113,10 +124,6 @@ grant {
// needed by JDKESLoggerTests
permission java.util.logging.LoggingPermission "control";
// needed by Mockito to create mocks
// TODO: create simple securemock wrapper and only grant to that.
permission java.lang.RuntimePermission "reflectionFactoryAccess";
// needed to install SSLFactories, advanced SSL configuration, etc.
permission java.lang.RuntimePermission "setFactory";
};