You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Rakesh Kumar (Jira)" <ji...@apache.org> on 2023/07/22 08:37:00 UTC
[jira] [Updated] (SOLR-16902) Jackson deserialization fails with java.security.AccessControlException
[ https://issues.apache.org/jira/browse/SOLR-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rakesh Kumar updated SOLR-16902:
--------------------------------
Description:
I have created a module containing an implementation of
UpdateRequestProcessor where I am using processAdd method for hooking into the solr document add/update lifecycle.
This module is dependent on 3rd party libraries like Apache httpcomponents, Jackson etc. which are already provided by Solr so when I try to add a document to Solr the request comes to processAdd method where I make a call to 3rd party API using Apache httpcomponents and finally deserializing the response using Jackson.
However, I get the following exception while deserializing the response using Jackson.
{code:java}
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247) ~[?:?]
at com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164) ~[?:?]
at com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222) ~[?:?]
at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262) ~[?:?]
at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[?:?]
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825) ~[?:?]{code}
was:
I have created a module containing an implementation of
UpdateRequestProcessor where I am using processAdd method for hooking into the solr document add/update lifecycle.
This module is dependent on 3rd part libraries like Apache httpcomponents, Jackson etc. which are already provided by Solr so when I try to add a document to Solr the request comes to processAdd method where I make a call to 3rd party API using Apache httpcomponents and finally deserializing the response using Jackson.
However, I get the following exception while deserializing the response using Jackson.
{code:java}
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370) ~[?:?]
at com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405) ~[?:?]
at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247) ~[?:?]
at com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164) ~[?:?]
at com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271) ~[?:?]
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222) ~[?:?]
at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262) ~[?:?]
at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[?:?]
at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[?:?]
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826) ~[?:?]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825) ~[?:?]{code}
> Jackson deserialization fails with java.security.AccessControlException
> -----------------------------------------------------------------------
>
> Key: SOLR-16902
> URL: https://issues.apache.org/jira/browse/SOLR-16902
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 9.3, 9.2.1
> Reporter: Rakesh Kumar
> Priority: Major
>
> I have created a module containing an implementation of
> UpdateRequestProcessor where I am using processAdd method for hooking into the solr document add/update lifecycle.
>
> This module is dependent on 3rd party libraries like Apache httpcomponents, Jackson etc. which are already provided by Solr so when I try to add a document to Solr the request comes to processAdd method where I make a call to 3rd party API using Apache httpcomponents and finally deserializing the response using Jackson.
>
> However, I get the following exception while deserializing the response using Jackson.
>
> {code:java}
> Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
> at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
> at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
> at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164) ~[?:?]
> at com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239) ~[?:?]
> at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317) ~[?:?]
> at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271) ~[?:?]
> at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222) ~[?:?]
> at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262) ~[?:?]
> at com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151) ~[?:?]
> at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415) ~[?:?]
> at com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350) ~[?:?]
> at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264) ~[?:?]
> at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) ~[?:?]
> at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) ~[?:?]
> at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654) ~[?:?]
> at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956) ~[?:?]
> at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826) ~[?:?]
> at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825) ~[?:?]{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org