[Elasticsearch] About the Java Security Manager

Elastic/Elasticsearch 2017. 12. 18. 15:45

When you build an Elasticsearch plugin, you may run into permission errors caused by the tightened security policy.

If that happens, try resolving the problem with the settings below.


[Elasticsearch Java Security Manager]

$ export JAVA_OPTS="${JAVA_OPTS} -Djava.security.policy=file:///path/to/my.policy"

$ ./bin/elasticsearch

# or config/jvm.options

$ vi config/jvm.options

-Djava.security.policy=file:///path/to/my.policy

$ export JAVA_OPTS="${JAVA_OPTS} -Dsecurity.manager.enabled=false"

$ ./bin/elasticsearch

# or config/jvm.options

$ vi config/jvm.options 

-Dsecurity.manager.enabled=false


Example) my.policy

# Ref. https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html


grant {

permission org.elasticsearch.script.ClassPermission "java.util.Base64"; // allow class

permission org.elasticsearch.script.ClassPermission "java.util.*"; // allow package

permission org.elasticsearch.script.ClassPermission "*"; // allow all (disables filtering basically)

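// policy files expand only ${system.property} references, not shell variables, so replace $ES_HOME with the real path

permission java.io.FilePermission "$ES_HOME/config/resource/*", "read"; // allow reading all files directly in this directory ("/*" is not recursive)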

};
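
The ClassPermission entries in my.policy range from one class to every class, and the FilePermission target decides how much of the file system is readable. As an added example (not code from the original post or from Elasticsearch), this Python script parses a policy file and flags the broadest grants for review. The function names, the scope labels, and the handling of java.security.AllPermission and `<<ALL FILES>>` are choices made for this example.

```python
import re

# Constructed sample input: the my.policy grant block from this page.
SAMPLE_POLICY = '''
grant {
  permission org.elasticsearch.script.ClassPermission "java.util.Base64"; // allow class
  permission org.elasticsearch.script.ClassPermission "java.util.*"; // allow package
  permission org.elasticsearch.script.ClassPermission "*"; // allow all
  permission java.io.FilePermission "$ES_HOME/config/resource/*", "read";
};
'''

# permission <class> ["<target>" [, "<actions>"]] ;
ENTRY = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?)?\s*;')
# Quoted strings are matched first so "//" or "/*" inside a target is kept.
COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.S)

def parse_policy(text):
    """Return (permission class, target, actions) for every uncommented entry."""
    bare = COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)
    return ENTRY.findall(bare)

def scope(perm_class, target):
    """Classify how much one entry grants."""
    name = perm_class.rsplit('.', 1)[-1]
    if name == 'AllPermission':
        return 'everything'
    if name == 'ClassPermission':  # scopes as labelled in the page's comments
        if target == '*':
            return 'all classes'
        return 'package' if target.endswith('.*') else 'single class'
    if name == 'FilePermission':
        if target == '<<ALL FILES>>':
            return 'all files'
        if target.endswith('/-'):
            return 'directory tree'  # recursive
        return 'directory' if target.endswith('/*') else 'single path'
    return 'other'

BROAD = {'everything', 'all classes', 'all files'}

def audit(text):
    """Return (class, target, actions, scope, needs_review) per entry."""
    return [(c, t, a, scope(c, t), scope(c, t) in BROAD)
            for c, t, a in parse_policy(text)]

if __name__ == '__main__':
    for c, t, a, s, review in audit(SAMPLE_POLICY):
        print(f"{'REVIEW' if review else 'ok':6} {c} \"{t}\" {a} -> {s}")
```
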


Example) plugin-metadata/plugin-security.policy (recommended)

# Ref. https://www.elastic.co/guide/en/elasticsearch/plugins/current/plugin-authors.html#plugin-authors-jsm

# Ref. https://github.com/elastic/elasticsearch/blob/master/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy

: