[ https://issues.apache.org/jira/browse/SOLR-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rakesh Kumar closed SOLR-16902. ------------------------------- It turned out that the response deserialization call in Algolia SDK needs to be wrapped in a PrivilegedAction, therefore, it is not a bug from Solr and don't require any fix. > Jackson deserialization fails with java.security.AccessControlException > ----------------------------------------------------------------------- > > Key: SOLR-16902 > URL: https://issues.apache.org/jira/browse/SOLR-16902 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Affects Versions: 9.3, 9.2.1 > Reporter: Rakesh Kumar > Priority: Major > > *Environment/Components Details* > OS - macOS 13.4.1 > Java - OpenJDK 11.0.20 > Jackson - 2.15.2 (Provided by Solr) > Algolia SDK - 3.16.7 > Apache HttpClient - 4.5.14 (Provided by Solr) > --------------------------------------------------- > *Problem Statement* > I am new to Solr and trying to create a module containing an implementation > of UpdateRequestProcessor where I am using processAdd method for hooking into > the Solr document add/update lifecycle. > > This module is dependent on 3rd party libraries like Apache httpcomponents, > Jackson etc. which are already provided by Solr, so, when I try to add a > document to Solr, the request comes to processAdd method where I make a call > to Algolia using Algolia SDK which internally uses Apache httpcomponents, > Jackson etc. and finally deserialize the response using Jackson. > For the fact that Solr is running under SecurityManager and security.policy > file has this permission defined > {code:java} > permission java.lang.RuntimePermission "accessDeclaredMembers"; {code} > Not sure what is causing this, Solr or Jackson or Algolia SDK. I did not find > any previous issues where Jackson is involved and causing a security > exception so raising this issue, please feel free to close it if not relevant > to Solr. > > This is the exception I get while Algolia SDK deserializes the response using > Jackson. > > {code:java} > 2023-07-22 13:49:22.818 ERROR (qtp371397455-22) [ x:algolia] > c.a.c.b.s.p.AlgoliaUpdateRequestProcessor > java.util.concurrent.ExecutionException: > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "accessDeclaredMembers") => > com.algolia.search.exceptions.AlgoliaRuntimeException: > java.util.concurrent.ExecutionException: > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "accessDeclaredMembers") > at > com.algolia.search.exceptions.LaunderThrowable.launder(LaunderThrowable.java:38) > com.algolia.search.exceptions.AlgoliaRuntimeException: > java.util.concurrent.ExecutionException: > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "accessDeclaredMembers") > at > com.algolia.search.exceptions.LaunderThrowable.launder(LaunderThrowable.java:38) > ~[?:?] > at > com.algolia.search.exceptions.LaunderThrowable.await(LaunderThrowable.java:19) > ~[?:?] > at com.algolia.search.SearchIndex.saveObject(SearchIndex.java:678) > ~[?:?] > at > com.algolia.connector.bridge.solr.service.impl.AlgoliaServiceImpl.createRecord(AlgoliaServiceImpl.java:48) > ~[?:?] > at > com.algolia.connector.bridge.solr.plugin.AlgoliaUpdateRequestProcessor.processAdd(AlgoliaUpdateRequestProcessor.java:71) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.AddSchemaFieldsUpdateProcessorFactory$AddSchemaFieldsUpdateProcessor.processAdd(AddSchemaFieldsUpdateProcessorFactory.java:535) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldMutatingUpdateProcessor.processAdd(FieldMutatingUpdateProcessor.java:111) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldMutatingUpdateProcessor.processAdd(FieldMutatingUpdateProcessor.java:111) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldMutatingUpdateProcessor.processAdd(FieldMutatingUpdateProcessor.java:111) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldMutatingUpdateProcessor.processAdd(FieldMutatingUpdateProcessor.java:111) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldNameMutatingUpdateProcessorFactory$1.processAdd(FieldNameMutatingUpdateProcessorFactory.java:71) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.FieldMutatingUpdateProcessor.processAdd(FieldMutatingUpdateProcessor.java:111) > ~[?:?] > at > org.apache.solr.update.processor.UpdateRequestProcessor.processAdd(UpdateRequestProcessor.java:54) > ~[?:?] > at > org.apache.solr.update.processor.AbstractDefaultValueUpdateProcessorFactory$DefaultValueUpdateProcessor.processAdd(AbstractDefaultValueUpdateProcessorFactory.java:82) > ~[?:?] > at > org.apache.solr.handler.loader.JavabinLoader$1.update(JavabinLoader.java:123) > ~[?:?] > at > org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readOuterMostDocIterator(JavaBinUpdateRequestCodec.java:342) > ~[?:?] > at > org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readIterator(JavaBinUpdateRequestCodec.java:286) > ~[?:?] > at > org.apache.solr.common.util.JavaBinCodec.readObject(JavaBinCodec.java:338) > ~[?:?] > at > org.apache.solr.common.util.JavaBinCodec.readVal(JavaBinCodec.java:283) ~[?:?] > at > org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readNamedList(JavaBinUpdateRequestCodec.java:236) > ~[?:?] > at > org.apache.solr.common.util.JavaBinCodec.readObject(JavaBinCodec.java:303) > ~[?:?] > at > org.apache.solr.common.util.JavaBinCodec.readVal(JavaBinCodec.java:283) ~[?:?] > at > org.apache.solr.common.util.JavaBinCodec.unmarshal(JavaBinCodec.java:193) > ~[?:?] > at > org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec.unmarshal(JavaBinUpdateRequestCodec.java:126) > ~[?:?] > at > org.apache.solr.handler.loader.JavabinLoader.parseAndLoadDocs(JavabinLoader.java:135) > ~[?:?] > at > org.apache.solr.handler.loader.JavabinLoader.load(JavabinLoader.java:74) > ~[?:?] > at > org.apache.solr.handler.UpdateRequestHandler$1.load(UpdateRequestHandler.java:102) > ~[?:?] > at > org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:84) > ~[?:?] > at > org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:224) > ~[?:?] > at org.apache.solr.core.SolrCore.execute(SolrCore.java:2893) ~[?:?] > at > org.apache.solr.servlet.HttpSolrCall.executeCoreRequest(HttpSolrCall.java:871) > ~[?:?] > at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:567) > ~[?:?] > at > org.apache.solr.servlet.SolrDispatchFilter.dispatch(SolrDispatchFilter.java:250) > ~[?:?] > at > org.apache.solr.servlet.SolrDispatchFilter.lambda$doFilter$0(SolrDispatchFilter.java:218) > ~[?:?] > at > org.apache.solr.servlet.ServletUtils.traceHttpRequestExecution2(ServletUtils.java:257) > ~[?:?] > at > org.apache.solr.servlet.ServletUtils.rateLimitRequest(ServletUtils.java:227) > ~[?:?] > at > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:213) > ~[?:?] > at > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:195) > ~[?:?] > at > org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) > ~[jetty-servlet-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) > ~[jetty-servlet-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) > ~[jetty-servlet-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) > ~[jetty-security-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) > ~[jetty-servlet-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:149) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:228) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:301) > ~[jetty-rewrite-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:822) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) > ~[jetty-server-10.0.15.jar:10.0.15] > at org.eclipse.jetty.server.Server.handle(Server.java:563) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) > ~[jetty-server-10.0.15.jar:10.0.15] > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) > ~[jetty-server-10.0.15.jar:10.0.15] > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) > ~[jetty-server-10.0.15.jar:10.0.15] > at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:457) > ~[jetty-server-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:194) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208) > ~[http2-common-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:155) > ~[http2-common-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:378) > ~[http2-common-10.0.15.jar:10.0.15] > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) > ~[jetty-io-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) > ~[jetty-io-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) > ~[jetty-util-10.0.15.jar:10.0.15] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) > ~[jetty-util-10.0.15.jar:10.0.15] > at java.lang.Thread.run(Thread.java:829) [?:?] > Caused by: java.util.concurrent.ExecutionException: > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "accessDeclaredMembers") > at > java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395) > ~[?:?] > at > java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999) ~[?:?] > at > com.algolia.search.exceptions.LaunderThrowable.await(LaunderThrowable.java:17) > ~[?:?] > ... 90 more > Caused by: java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" "accessDeclaredMembers") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > ~[?:?] > at > java.security.AccessController.checkPermission(AccessController.java:897) > ~[?:?] > at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) > ~[?:?] > at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?] > at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164) > ~[?:?] > at > com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244) > ~[?:?] > at > com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142) > ~[?:?] > at > com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654) > ~[?:?] > at > com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956) > ~[?:?] > at > com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826) > ~[?:?] > at > com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825) > ~[?:?] > at > com.algolia.search.HttpTransport.lambda$executeWithRetry$0(HttpTransport.java:174) > ~[?:?] > at > java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1072) > ~[?:?] > at > java.util.concurrent.CompletableFuture$Completion.exec(CompletableFuture.java:479) > ~[?:?] > at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290) > ~[?:?] > at > java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) > ~[?:?] > at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) ~[?:?] > at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) > ~[?:?] > at > java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183) > ~[?:?]{code} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org