[
https://issues.apache.org/jira/browse/SOLR-17542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden resolved SOLR-17542.
---------------------------------
Fix Version/s: 9.9
Resolution: Fixed
> AccessControlException when attempting to post document
> -------------------------------------------------------
>
> Key: SOLR-17542
> URL: https://issues.apache.org/jira/browse/SOLR-17542
> Project: Solr
> Issue Type: Bug
> Components: contrib - Solr Cell (Tika extraction), security
> Affects Versions: 9.7
> Environment: * Solr 9.7
> * MacOS 15.0.1
> * M1 Max CPU
> * 64GB RAM
> Reporter: Ivo Janssen
> Assignee: Kevin Risden
> Priority: Major
> Labels: macOS, security, tika
> Fix For: 9.9
>
>
> I'm using Solr 9.7 on MacOS 15.0.1, with Cell enabled, and it returns a 500
> error when I try to add a document. The error on Solr's side is as follows:
> {noformat}
> 2024-10-18 00:49:03.350 INFO (qtp1955990522-40-localhost-1) [c: s: r:
> x:test_docstore t:localhost-1] o.a.s.c.PluginBag Going to create a new
> requestHandler with {type = requestHandler,name = /update/extract,class =
> solr.extraction.ExtractingRequestHandler,attributes = {startup=lazy,
> name=/update/extract, class=solr.extraction.ExtractingRequestHandler},args =
> {defaults={fmap.Last-Modified=last_modified, uprefix=ignored_, df=_text_}}}
> 2024-10-18 00:49:03.653 ERROR (qtp1955990522-40-localhost-1) [c: s: r:
> x:test_docstore t:localhost-1] o.a.s.s.HttpSolrCall 500 Exception =>
> java.lang.IllegalStateException: java.security.AccessControlException: access
> denied ("java.io.FilePermission"
> "/private/var/folders/8y/0166d0yx0wd7lxycs42l6t9c0000gs/T/jetty-127_0_0_1-8983-webapp-_solr-any-16097010865664396603"
> "read")
> at
> org.eclipse.jetty.server.MultiPartFormInputStream.throwIfError(MultiPartFormInputStream.java:526)
> java.lang.IllegalStateException: java.security.AccessControlException: access
> denied ("java.io.FilePermission"
> "/private/var/folders/8y/0166d0yx0wd7lxycs42l6t9c0000gs/T/jetty-127_0_0_1-8983-webapp-_solr-any-16097010865664396603"
> "read")
> at
> org.eclipse.jetty.server.MultiPartFormInputStream.throwIfError(MultiPartFormInputStream.java:526)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
> org.eclipse.jetty.server.MultiPartFormInputStream.getParts(MultiPartFormInputStream.java:491)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
> org.eclipse.jetty.server.MultiParts$MultiPartsHttpParser.getParts(MultiParts.java:90)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at org.eclipse.jetty.server.Request.getParts(Request.java:2354)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at org.eclipse.jetty.server.Request.getParts(Request.java:2328)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
> javax.servlet.http.HttpServletRequestWrapper.getParts(HttpServletRequestWrapper.java:317)
> ~[jetty-servlet-api-4.0.6.jar:?]
> at
> org.apache.solr.servlet.SolrRequestParsers$MultipartRequestParser.parseParamsAndFillStreams(SolrRequestParsers.java:649)
> ~[?:?]
> at
> org.apache.solr.servlet.SolrRequestParsers$StandardRequestParser.parseParamsAndFillStreams(SolrRequestParsers.java:893)
> ~[?:?]
> at
> org.apache.solr.servlet.SolrRequestParsers.parse(SolrRequestParsers.java:169)
> ~[?:?]
> at org.apache.solr.servlet.HttpSolrCall.init(HttpSolrCall.java:313) ~[?:?]
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:524) ~[?:?]
> at
> org.apache.solr.servlet.SolrDispatchFilter.dispatch(SolrDispatchFilter.java:251)
> ~[?:?]
> at
> org.apache.solr.servlet.SolrDispatchFilter.lambda$doFilter$0(SolrDispatchFilter.java:208)
> ~[?:?]
> at
> org.apache.solr.servlet.ServletUtils.traceHttpRequestExecution2(ServletUtils.java:243)
> ~[?:?]
> at
> org.apache.solr.servlet.ServletUtils.rateLimitRequest(ServletUtils.java:213)
> ~[?:?]
> {noformat}
> I've confirmed that this is related to the security policy, since I'm able to
> work around it by running Solr with `-Djava.security.manager=allow`, but
> looking at the policy nothing jumps out at me for being wrong or missing.
> [Link to discussion on the mailing
> list|https://lists.apache.org/thread/8grxnpnxtyb2c1wb4j4vpl88vktzfy13]
> (disregard my attempted fix in that thread - it was incorrect)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
