From f07a850ba2924c1ca11004786577dcb59ec88a48 Mon Sep 17 00:00:00 2001
From: Jay Modi <jaymode@users.noreply.github.com>
Date: Thu, 25 Jan 2018 13:01:48 -0700
Subject: [PATCH] [SAML] add security permission to get the classloader
 (elastic/x-pack-elasticsearch#3720)

This adds the security permission to get the thread context classloader to the security
plugin after it was inadvertently removed in elastic/x-pack-elasticsearch#3651. This was not caught as there is a
dependency on monitoring for security and monitoring has the getClassLoader permission.

relates elastic/x-pack-elasticsearch#3719

Original commit: elastic/x-pack-elasticsearch@61ad950f5b8d4080bc04a4a83e35ca95b7f9ede2
---
 plugin/security/src/main/plugin-metadata/plugin-security.policy | 1 +
 1 file changed, 1 insertion(+)

diff --git a/plugin/security/src/main/plugin-metadata/plugin-security.policy b/plugin/security/src/main/plugin-metadata/plugin-security.policy
index 84f4eb5ca10..857c2f6e472 100644
--- a/plugin/security/src/main/plugin-metadata/plugin-security.policy
+++ b/plugin/security/src/main/plugin-metadata/plugin-security.policy
@@ -5,6 +5,7 @@ grant {
   permission java.util.PropertyPermission "*", "read,write";
 
   // needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader)
+  permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "setContextClassLoader";
 
   // needed for multiple server implementations used in tests