Merge pull request #15378 from rmuir/tame_reflection

Remove RuntimePermission("accessDeclaredMembers")
This commit is contained in:
Robert Muir 2015-12-10 15:25:44 -05:00
commit d190283fea
70 changed files with 153 additions and 92 deletions

View File

@ -92,6 +92,13 @@ java.net.InetAddress#getCanonicalHostName()
java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup
@defaultMessage Do not violate java's access system
java.lang.Class#getDeclaredClasses() @ Do not violate java's access system: Use getClasses() instead
java.lang.Class#getDeclaredConstructor(java.lang.Class[]) @ Do not violate java's access system: Use getConstructor() instead
java.lang.Class#getDeclaredConstructors() @ Do not violate java's access system: Use getConstructors() instead
java.lang.Class#getDeclaredField(java.lang.String) @ Do not violate java's access system: Use getField() instead
java.lang.Class#getDeclaredFields() @ Do not violate java's access system: Use getFields() instead
java.lang.Class#getDeclaredMethod(java.lang.String, java.lang.Class[]) @ Do not violate java's access system: Use getMethod() instead
java.lang.Class#getDeclaredMethods() @ Do not violate java's access system: Use getMethods() instead
java.lang.reflect.AccessibleObject#setAccessible(boolean)
java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean)

View File

@ -1,5 +1,5 @@
elasticsearch = 3.0.0-SNAPSHOT
lucene = 5.4.0-snapshot-1715952
lucene = 5.5.0-snapshot-1719088
# optional dependencies
spatial4j = 0.5
@ -11,7 +11,7 @@ jna = 4.1.0
# test dependencies
randomizedrunner = 2.2.0
randomizedrunner = 2.3.2
junit = 4.11
httpclient = 4.3.6
httpcore = 4.3.3

View File

@ -276,7 +276,7 @@ public class Version {
public static final int V_2_2_0_ID = 2020099;
public static final Version V_2_2_0 = new Version(V_2_2_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
public static final int V_3_0_0_ID = 3000099;
public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_5_0);
public static final Version CURRENT = V_3_0_0;
static {

View File

@ -333,7 +333,7 @@ public class Key<T> {
* Returns {@code true} if the given annotation type has no attributes.
*/
static boolean isMarker(Class<? extends Annotation> annotationType) {
return annotationType.getDeclaredMethods().length == 0;
return annotationType.getMethods().length == 0;
}
/**
@ -345,7 +345,7 @@ public class Key<T> {
ensureRetainedAtRuntime(annotationType);
ensureIsBindingAnnotation(annotationType);
if (annotationType.getDeclaredMethods().length == 0) {
if (annotationType.getMethods().length == 0) {
return new AnnotationTypeStrategy(annotationType, annotation);
}

View File

@ -41,7 +41,7 @@ class Reflection {
@SuppressWarnings("unchecked")
static <T> Constructor<T> invalidConstructor() {
try {
return (Constructor<T>) InvalidConstructor.class.getDeclaredConstructor();
return (Constructor<T>) InvalidConstructor.class.getConstructor();
} catch (NoSuchMethodException e) {
throw new AssertionError(e);
}

View File

@ -212,7 +212,7 @@ public class FactoryProvider<F> implements Provider<F>, HasDependencies {
TypeLiteral<?> factoryType, TypeLiteral<?> implementationType) {
List<AssistedConstructor<?>> constructors = new ArrayList<>();
for (Constructor<?> constructor : implementationType.getRawType().getDeclaredConstructors()) {
for (Constructor<?> constructor : implementationType.getRawType().getConstructors()) {
if (constructor.getAnnotation(AssistedInject.class) != null) {
@SuppressWarnings("unchecked") // the constructor type and implementation type agree
AssistedConstructor assistedConstructor = new AssistedConstructor(

View File

@ -83,7 +83,7 @@ public final class ProviderMethodsModule implements Module {
public List<ProviderMethod<?>> getProviderMethods(Binder binder) {
List<ProviderMethod<?>> result = new ArrayList<>();
for (Class<?> c = delegate.getClass(); c != Object.class; c = c.getSuperclass()) {
for (Method method : c.getDeclaredMethods()) {
for (Method method : c.getMethods()) {
if (method.getAnnotation(Provides.class) != null) {
result.add(createProviderMethod(binder, method));
}

View File

@ -188,7 +188,7 @@ public final class InjectionPoint {
Errors errors = new Errors(rawType);
Constructor<?> injectableConstructor = null;
for (Constructor<?> constructor : rawType.getDeclaredConstructors()) {
for (Constructor<?> constructor : rawType.getConstructors()) {
Inject inject = constructor.getAnnotation(Inject.class);
if (inject != null) {
if (inject.optional()) {
@ -212,7 +212,7 @@ public final class InjectionPoint {
// If no annotated constructor is found, look for a no-arg constructor instead.
try {
Constructor<?> noArgConstructor = rawType.getDeclaredConstructor();
Constructor<?> noArgConstructor = rawType.getConstructor();
// Disallow private constructors on non-private classes (unless they have @Inject)
if (Modifier.isPrivate(noArgConstructor.getModifiers())
@ -334,7 +334,7 @@ public final class InjectionPoint {
// name. In Scala, fields always get accessor methods (that we need to ignore). See bug 242.
if (member instanceof Method) {
try {
if (member.getDeclaringClass().getDeclaredField(member.getName()) != null) {
if (member.getDeclaringClass().getField(member.getName()) != null) {
return;
}
} catch (NoSuchFieldException ignore) {
@ -390,7 +390,7 @@ public final class InjectionPoint {
Factory<Field> FIELDS = new Factory<Field>() {
@Override
public Field[] getMembers(Class<?> type) {
return type.getDeclaredFields();
return type.getFields();
}
@Override
@ -402,7 +402,7 @@ public final class InjectionPoint {
Factory<Method> METHODS = new Factory<Method>() {
@Override
public Method[] getMembers(Class<?> type) {
return type.getDeclaredMethods();
return type.getMethods();
}
@Override

View File

@ -31,10 +31,12 @@ grant codeBase "${codebase.securesm-1.0.jar}" {
//// Very special jar permissions:
//// These are dangerous permissions that we don't want to grant to everything.
grant codeBase "${codebase.lucene-core-5.4.0-snapshot-1715952.jar}" {
grant codeBase "${codebase.lucene-core-5.5.0-snapshot-1719088.jar}" {
// needed to allow MMapDirectory's "unmap hack"
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// NOTE: also needed for RAMUsageEstimator size calculations
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
//// Everything else:
@ -97,9 +99,6 @@ grant {
// (TODO: clean this up?)
permission java.lang.RuntimePermission "getProtectionDomain";
// likely not low hanging fruit...
permission java.lang.RuntimePermission "accessDeclaredMembers";
// needed by HotThreads and potentially more
// otherwise can be provided only to test libraries
permission java.lang.RuntimePermission "getStackTrace";

View File

@ -21,30 +21,38 @@
//// These are mock objects and test management that we allow test framework libs
//// to provide on our behalf. But tests themselves cannot do this stuff!
grant codeBase "${codebase.securemock-1.1.jar}" {
grant codeBase "${codebase.securemock-1.2.jar}" {
// needed to access ReflectionFactory (see below)
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
// needed to support creation of mocks
permission java.lang.RuntimePermission "reflectionFactoryAccess";
// needed for spy interception, etc
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "${codebase.lucene-test-framework-5.4.0-snapshot-1715952.jar}" {
grant codeBase "${codebase.lucene-test-framework-5.5.0-snapshot-1719088.jar}" {
// needed by RamUsageTester
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "${codebase.randomizedtesting-runner-2.2.0.jar}" {
grant codeBase "${codebase.randomizedtesting-runner-2.3.2.jar}" {
// optionally needed for access to private test methods (e.g. beforeClass)
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// needed to fail tests on uncaught exceptions from other threads
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
// needed for top threads handling
permission org.elasticsearch.ThreadPermission "modifyArbitraryThreadGroup";
// needed for TestClass creation
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
grant codeBase "${codebase.junit4-ant-2.2.0.jar}" {
grant codeBase "${codebase.junit4-ant-2.3.2.jar}" {
// needed for stream redirection
permission java.lang.RuntimePermission "setIO";
};
grant codeBase "${codebase.junit-4.11.jar}" {
// needed for TestClass creation
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

View File

@ -136,7 +136,7 @@ public class ExceptionSerializationTests extends ESTestCase {
} else if (ElasticsearchException.isRegistered((Class<? extends Throwable>) clazz)) {
registered.add(clazz);
try {
if (clazz.getDeclaredMethod("writeTo", StreamOutput.class) != null) {
if (clazz.getMethod("writeTo", StreamOutput.class) != null) {
hasDedicatedWrite.add(clazz);
}
} catch (Exception e) {

View File

@ -191,7 +191,7 @@ public class VersionTests extends ESTestCase {
public void testAllVersionsMatchId() throws Exception {
Map<String, Version> maxBranchVersions = new HashMap<>();
for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
for (java.lang.reflect.Field field : Version.class.getFields()) {
if (field.getName().endsWith("_ID")) {
assertTrue(field.getName() + " should be static", Modifier.isStatic(field.getModifiers()));
assertTrue(field.getName() + " should be final", Modifier.isFinal(field.getModifiers()));

View File

@ -69,7 +69,7 @@ public class NodesStatsBasicBackwardsCompatIT extends ESBackcompatTestCase {
NodesStatsRequestBuilder nsBuilder = tc.admin().cluster().prepareNodesStats();
Class c = nsBuilder.getClass();
for (Method method : c.getDeclaredMethods()) {
for (Method method : c.getMethods()) {
if (method.getName().startsWith("set")) {
if (method.getParameterTypes().length == 1 && method.getParameterTypes()[0] == boolean.class) {
method.invoke(nsBuilder, randomBoolean());

View File

@ -92,7 +92,7 @@ public class RestoreBackwardsCompatIT extends AbstractSnapshotIntegTestCase {
}
SortedSet<String> expectedVersions = new TreeSet<>();
for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
for (java.lang.reflect.Field field : Version.class.getFields()) {
if (Modifier.isStatic(field.getModifiers()) && field.getType() == Version.class) {
Version v = (Version) field.get(Version.class);
if (v.snapshot()) continue;

View File

@ -237,7 +237,7 @@ public class NGramTokenizerFactoryTests extends ESTokenStreamTestCase {
private Version randomVersion(Random random) throws IllegalArgumentException, IllegalAccessException {
Field[] declaredFields = Version.class.getDeclaredFields();
Field[] declaredFields = Version.class.getFields();
List<Field> versionFields = new ArrayList<>();
for (Field field : declaredFields) {
if ((field.getModifiers() & Modifier.STATIC) != 0 && field.getName().startsWith("V_") && field.getType() == Version.class) {

View File

@ -828,21 +828,21 @@ public abstract class AbstractQueryTestCase<QB extends AbstractQueryBuilder<QB>>
AbstractQueryTestCase delegate;
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
if (method.equals(Client.class.getDeclaredMethod("get", GetRequest.class))) {
if (method.equals(Client.class.getMethod("get", GetRequest.class))) {
return new PlainActionFuture<GetResponse>() {
@Override
public GetResponse get() throws InterruptedException, ExecutionException {
return delegate.executeGet((GetRequest) args[0]);
}
};
} else if (method.equals(Client.class.getDeclaredMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
} else if (method.equals(Client.class.getMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
return new PlainActionFuture<MultiTermVectorsResponse>() {
@Override
public MultiTermVectorsResponse get() throws InterruptedException, ExecutionException {
return delegate.executeMultiTermVectors((MultiTermVectorsRequest) args[0]);
}
};
} else if (method.equals(Object.class.getDeclaredMethod("toString"))) {
} else if (method.equals(Object.class.getMethod("toString"))) {
return "MockClient";
}
throw new UnsupportedOperationException("this test can't handle calls to: " + method);

View File

@ -1 +0,0 @@
feaf885ed4155fb7202c1f90ac2eb40503961efc

View File

@ -0,0 +1 @@
9f2b9811a4f4a57a1b3a98bdc1e1b63476b9f628

View File

@ -1 +0,0 @@
5b5b5c950b4fcac38cf48fab911f75da61e780fa

View File

@ -0,0 +1 @@
038071889a5dbeb279e37fa46225e194139a427c

View File

@ -1 +0,0 @@
84685d37a34b4d87e2928566ed266a7f005ca67d

View File

@ -0,0 +1 @@
b986d0ad8ee4dda8172a5a61875c47631e4b21d4

View File

@ -1 +0,0 @@
ff92011208ed5c28f041acc37bd77728a89fc6a5

View File

@ -0,0 +1 @@
f46574fbdfbcc81d936c77e15ba5b3af2c2b7253

View File

@ -1 +0,0 @@
5d46f26a6cb36aede89b8728b6fcbc427d4f9416

View File

@ -0,0 +1 @@
f620262d667a294d390e8df7575cc2cca2626559

View File

@ -1 +0,0 @@
726ea07bbfdfbfbee80522353496fc6667dc33c9

View File

@ -0,0 +1 @@
4c44b07242fd706f6f7f14c9063a725e0e5b98cd

View File

@ -1 +0,0 @@
d8d7a7b573a4cfc54745a126e905ccfd523b7a24

View File

@ -0,0 +1 @@
1e33e0aa5fc227e90c8314f61b4cba1090035e33

View File

@ -1 +0,0 @@
cd9d4fb4492bd2680cea2f038a051311329f6443

View File

@ -0,0 +1 @@
e416893f7b781239a15d3e2c7200ff26574d14de

View File

@ -1 +0,0 @@
a1a04d191443e51f992ed3dd02d0e14fd48493c9

View File

@ -0,0 +1 @@
b153b63b9333feedb18af2673eb6ccaf95bcc8bf

View File

@ -1 +0,0 @@
c4d34b29b8b14ad3deb300a6d699e9d8965a3c2c

View File

@ -0,0 +1 @@
0aa2758d70a79f2e0f33a87624fd9d31e155c864

View File

@ -1 +0,0 @@
bf45dbd653d66ce9d2c3f19b69997b8098d8b416

View File

@ -0,0 +1 @@
873c716ba629dae389b12ddb1aedf2f5c5f57fea

View File

@ -1 +0,0 @@
2bddfda70f5c657064d12860b03c2cd8a5029bfc

View File

@ -0,0 +1 @@
9d7e47c2fb73c614cc5ca41529b2c273c73b0ce7

View File

@ -1 +0,0 @@
881b8cd571fb3ccdcc69f1316468d816812513fb

View File

@ -0,0 +1 @@
4766305088797a66fe02d5aaa98e086867816e42

View File

@ -1 +0,0 @@
466e2bc02f45f04cbf516e5df78b9c2ebd99e944

View File

@ -0,0 +1 @@
f0ee6fb780ea8aa9ec6d31e6a9cc7d48700bd2ca

View File

@ -1 +0,0 @@
414dfcf600b6c02b90a21bd219a5e115bbda0d14

View File

@ -0,0 +1 @@
787356d4ae6142bb8ca7e9713d0a281a797b57fb

View File

@ -19,38 +19,11 @@
package org.elasticsearch.script.expression;
import org.apache.lucene.expressions.js.JavascriptCompiler;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.script.ScriptModule;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.ParseException;
public class ExpressionPlugin extends Plugin {
// lucene expressions has crazy checks in its clinit for the functions map
// it violates rules of classloaders to detect accessibility
// TODO: clean that up
static {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
try {
JavascriptCompiler.compile("0");
} catch (ParseException e) {
throw new RuntimeException(e);
}
return null;
}
});
}
@Override
public String name() {
return "lang-expression";

View File

@ -20,8 +20,6 @@
grant {
// needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader";
// needed because of security problems in JavascriptCompiler
permission java.lang.RuntimePermission "getClassLoader";
// expression runtime
permission org.elasticsearch.script.ClassPermission "java.lang.String";

View File

@ -23,6 +23,7 @@ grant {
// needed by IndyInterface
permission java.lang.RuntimePermission "getClassLoader";
// needed by groovy engine
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
// needed by GroovyScriptEngineService to close its classloader (why?)
permission java.lang.RuntimePermission "closeClassLoader";

View File

@ -19,6 +19,8 @@
package org.elasticsearch.script.mustache;
import com.github.mustachejava.Mustache;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
@ -34,6 +36,8 @@ import org.elasticsearch.script.SearchScript;
import org.elasticsearch.search.lookup.SearchLookup;
import java.lang.ref.SoftReference;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
@ -123,6 +127,9 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
// Nothing to do here
}
// permission checked before doing crazy reflection
static final SpecialPermission SPECIAL_PERMISSION = new SpecialPermission();
/**
* Used at query execution time by script service in order to execute a query template.
* */
@ -148,9 +155,20 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
@Override
public Object run() {
BytesStreamOutput result = new BytesStreamOutput();
final BytesStreamOutput result = new BytesStreamOutput();
try (UTF8StreamWriter writer = utf8StreamWriter().setOutput(result)) {
((Mustache) template.compiled()).execute(writer, vars);
// crazy reflection here
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SPECIAL_PERMISSION);
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
((Mustache) template.compiled()).execute(writer, vars);
return null;
}
});
} catch (Exception e) {
logger.error("Error running " + template, e);
throw new ScriptException("Error running " + template, e);

View File

@ -0,0 +1,23 @@
/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
grant {
// needed to do crazy reflection
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

View File

@ -1 +0,0 @@
d957c3956797c9c057e65f6342eeb104fa20951e

View File

@ -0,0 +1 @@
4e56ba76d6b23756b2bd4d9e42b2b00122cd4fa5

View File

@ -1 +0,0 @@
2ea1253cd3a704dea02382d6f9abe7c2a58874ac

View File

@ -0,0 +1 @@
d6ccac802dc1e4c177be043a173377cf5e517cff

View File

@ -1 +0,0 @@
7f2132a00895c6eacfc735a4d6056275a692363b

View File

@ -0,0 +1 @@
70ad9f6c3738727229867419d949527cc7789f62

View File

@ -1 +0,0 @@
5eff0c934476356fcd608d574ce0af4104e5e2a4

View File

@ -0,0 +1 @@
75504fd906929700e7d11f9600e4a79de48e1090

View File

@ -1 +0,0 @@
210cab15ecf74e5a1bf35173ef5b0d420475694c

View File

@ -0,0 +1 @@
9eeeeabeab89ec305e831d80bdcc7e85a1140fbb

View File

@ -19,7 +19,8 @@
grant {
// needed because of problems in ClientConfiguration
// TODO: get this fixed in aws sdk
// TODO: get these fixed in aws sdk
permission java.lang.RuntimePermission "accessDeclaredMembers";
// NOTE: no tests fail without this, but we know the problem
// exists in AWS sdk, and tests here are not thorough
permission java.lang.RuntimePermission "getClassLoader";

View File

@ -45,6 +45,7 @@ import java.io.IOException;
import java.net.URL;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.*;
@ -103,23 +104,33 @@ public class GceComputeServiceImpl extends AbstractLifecycleComponent<GceCompute
public String metadata(String metadataPath) throws IOException {
String urlMetadataNetwork = GCE_METADATA_URL + "/" + metadataPath;
logger.debug("get metadata from [{}]", urlMetadataNetwork);
URL url = new URL(urlMetadataNetwork);
final URL url = new URL(urlMetadataNetwork);
HttpHeaders headers;
try {
// hack around code messiness in GCE code
// TODO: get this fixed
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
headers = AccessController.doPrivileged(new PrivilegedExceptionAction<HttpHeaders>() {
@Override
public HttpHeaders run() throws IOException {
return new HttpHeaders();
}
});
GenericUrl genericUrl = AccessController.doPrivileged(new PrivilegedAction<GenericUrl>() {
@Override
public GenericUrl run() {
return new GenericUrl(url);
}
});
// This is needed to query meta data: https://cloud.google.com/compute/docs/metadata
headers.put("Metadata-Flavor", "Google");
HttpResponse response;
response = getGceHttpTransport().createRequestFactory()
.buildGetRequest(new GenericUrl(url))
.buildGetRequest(genericUrl)
.setHeaders(headers)
.execute();
String metadata = response.parseAsString();

View File

@ -20,13 +20,18 @@
package org.elasticsearch.discovery.gce;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.googleapis.testing.auth.oauth2.MockGoogleCredential;
import com.google.api.client.http.*;
import com.google.api.client.util.ExponentialBackOff;
import com.google.api.client.util.Sleeper;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.ESLoggerFactory;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Objects;
public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
@ -61,6 +66,21 @@ public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
this.maxWait = maxWait;
}
// Use only for testing
static MockGoogleCredential.Builder newMockCredentialBuilder() {
// TODO: figure out why GCE is so bad like this
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
return AccessController.doPrivileged(new PrivilegedAction<MockGoogleCredential.Builder>() {
@Override
public MockGoogleCredential.Builder run() {
return new MockGoogleCredential.Builder();
}
});
}
@Override
public void initialize(HttpRequest httpRequest) {
final HttpUnsuccessfulResponseHandler backoffHandler =

View File

@ -19,5 +19,6 @@
grant {
// needed because of problems in gce
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

View File

@ -97,7 +97,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
FailThenSuccessBackoffTransport fakeTransport =
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 3);
MockGoogleCredential credential = new MockGoogleCredential.Builder()
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
.build();
MockSleeper mockSleeper = new MockSleeper();
@ -122,7 +122,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
FailThenSuccessBackoffTransport fakeTransport =
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, maxRetryTimes);
JsonFactory jsonFactory = new JacksonFactory();
MockGoogleCredential credential = new MockGoogleCredential.Builder()
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
.build();
MockSleeper oneTimeSleeper = new MockSleeper() {
@ -155,7 +155,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
FailThenSuccessBackoffTransport fakeTransport =
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 1, true);
MockGoogleCredential credential = new MockGoogleCredential.Builder()
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
.build();
MockSleeper mockSleeper = new MockSleeper();
RetryHttpInitializerWrapper retryHttpInitializerWrapper = new RetryHttpInitializerWrapper(credential, mockSleeper, 500);

View File

@ -19,6 +19,7 @@
grant {
// needed because of problems in ClientConfiguration
// TODO: get this fixed in aws sdk
// TODO: get these fixed in aws sdk
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "getClassLoader";
};

View File

@ -35,7 +35,7 @@ public class VersionUtils {
private static final List<Version> SORTED_VERSIONS;
static {
Field[] declaredFields = Version.class.getDeclaredFields();
Field[] declaredFields = Version.class.getFields();
Set<Integer> ids = new HashSet<>();
for (Field field : declaredFields) {
final int mod = field.getModifiers();

View File

@ -705,7 +705,7 @@ public class ElasticsearchAssertions {
IllegalAccessException, InvocationTargetException {
try {
Class<? extends Streamable> clazz = streamable.getClass();
Constructor<? extends Streamable> constructor = clazz.getDeclaredConstructor();
Constructor<? extends Streamable> constructor = clazz.getConstructor();
assertThat(constructor, Matchers.notNullValue());
Streamable newInstance = constructor.newInstance();
return newInstance;

View File

@ -47,7 +47,7 @@ public class LoggingListenerTests extends ESTestCase {
assertThat(xyzLogger.getLevel(), nullValue());
assertThat(abcLogger.getLevel(), nullValue());
Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
Method method = TestClass.class.getMethod("annotatedTestMethod");
TestLogging annotation = method.getAnnotation(TestLogging.class);
Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
loggingListener.testStarted(testDescription);
@ -105,7 +105,7 @@ public class LoggingListenerTests extends ESTestCase {
assertThat(abcLogger.getLevel(), equalTo("ERROR"));
assertThat(xyzLogger.getLevel(), nullValue());
Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
Method method = TestClass.class.getMethod("annotatedTestMethod");
TestLogging annotation = method.getAnnotation(TestLogging.class);
Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
loggingListener.testStarted(testDescription);
@ -116,7 +116,7 @@ public class LoggingListenerTests extends ESTestCase {
assertThat(abcLogger.getLevel(), equalTo("ERROR"));
assertThat(xyzLogger.getLevel(), nullValue());
Method method2 = TestClass.class.getDeclaredMethod("annotatedTestMethod2");
Method method2 = TestClass.class.getMethod("annotatedTestMethod2");
TestLogging annotation2 = method2.getAnnotation(TestLogging.class);
Description testDescription2 = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod2", annotation2);
loggingListener.testStarted(testDescription2);