[
https://issues.apache.org/jira/browse/SOLR-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Kumar updated SOLR-16902:
--------------------------------
Description:
I have created a module containing an implementation of
UpdateRequestProcessor where I am using processAdd method for hooking into the
solr document add/update lifecycle.
This module is dependent on 3rd party libraries like Apache httpcomponents,
Jackson etc. which are already provided by Solr so when I try to add a document
to Solr the request comes to processAdd method where I make a call to 3rd party
API using Apache httpcomponents and finally deserializing the response using
Jackson.
However, I get the following exception while deserializing the response using
Jackson.
{code:java}
Caused by: java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "accessDeclaredMembers")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
~[?:?]
at
java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
~[?:?]
at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142)
~[?:?]
at
com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825)
~[?:?]{code}
was:
I have created a module containing an implementation of
UpdateRequestProcessor where I am using processAdd method for hooking into the
solr document add/update lifecycle.
This module is dependent on 3rd part libraries like Apache httpcomponents,
Jackson etc. which are already provided by Solr so when I try to add a document
to Solr the request comes to processAdd method where I make a call to 3rd party
API using Apache httpcomponents and finally deserializing the response using
Jackson.
However, I get the following exception while deserializing the response using
Jackson.
{code:java}
Caused by: java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "accessDeclaredMembers")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
~[?:?]
at
java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
~[?:?]
at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164)
~[?:?]
at
com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262)
~[?:?]
at
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244)
~[?:?]
at
com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142)
~[?:?]
at
com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826)
~[?:?]
at
com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825)
~[?:?]{code}
> Jackson deserialization fails with java.security.AccessControlException
> -----------------------------------------------------------------------
>
> Key: SOLR-16902
> URL: https://issues.apache.org/jira/browse/SOLR-16902
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 9.3, 9.2.1
> Reporter: Rakesh Kumar
> Priority: Major
>
> I have created a module containing an implementation of
> UpdateRequestProcessor where I am using processAdd method for hooking into
> the solr document add/update lifecycle.
>
> This module is dependent on 3rd party libraries like Apache httpcomponents,
> Jackson etc. which are already provided by Solr so when I try to add a
> document to Solr the request comes to processAdd method where I make a call
> to 3rd party API using Apache httpcomponents and finally deserializing the
> response using Jackson.
>
> However, I get the following exception while deserializing the response using
> Jackson.
>
> {code:java}
> Caused by: java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "accessDeclaredMembers")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> ~[?:?]
> at
> java.security.AccessController.checkPermission(AccessController.java:897)
> ~[?:?]
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
> ~[?:?]
> at java.lang.Class.checkMemberAccess(Class.java:2847) ~[?:?]
> at java.lang.Class.getDeclaredFields(Class.java:2246) ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:73)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector._findFields(AnnotatedFieldCollector.java:71)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collect(AnnotatedFieldCollector.java:48)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedFieldCollector.collectFields(AnnotatedFieldCollector.java:43)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedClass._fields(AnnotatedClass.java:370)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.AnnotatedClass.fields(AnnotatedClass.java:342)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector._addFields(POJOPropertiesCollector.java:519)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.collectAll(POJOPropertiesCollector.java:445)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getPropertyMap(POJOPropertiesCollector.java:405)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.POJOPropertiesCollector.getProperties(POJOPropertiesCollector.java:247)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.BasicBeanDescription._properties(BasicBeanDescription.java:164)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.introspect.BasicBeanDescription.findProperties(BasicBeanDescription.java:239)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._findCreatorsFromProperties(BasicDeserializerFactory.java:317)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.BasicDeserializerFactory._constructDefaultValueInstantiator(BasicDeserializerFactory.java:271)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findValueInstantiator(BasicDeserializerFactory.java:222)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.buildBeanDeserializer(BeanDeserializerFactory.java:262)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.BeanDeserializerFactory.createBeanDeserializer(BeanDeserializerFactory.java:151)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer2(DeserializerCache.java:415)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.DeserializerCache._createDeserializer(DeserializerCache.java:350)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:264)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:244)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:142)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:654)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:4956)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4826)
> ~[?:?]
> at
> com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3825)
> ~[?:?]{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
