Hi everyone
We are developing a new TokenFilter which, as part of the analysis of
tokens it performs, needs to make an "external" HTTP request. This
results in a AccessControlException due to missing
"java.net.SocketPermission". A relevant excerpt of the stacktrace:
Caused by: java.security.AccessControlException: access denied
("java.net.SocketPermission" "translation.googleapis.com:443"
"connect,resolve")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
~[?:?]
at
java.security.AccessController.checkPermission(AccessController.java:897)
~[?:?]
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
at java.lang.SecurityManager.checkConnect(SecurityManager.java:824)
~[?:?]
at sun.net.www.http.HttpClient.openServer(HttpClient.java:552) ~[?:?]
at
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265) ~[?:?]
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
~[?:?]
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
~[?:?]
at
sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
~[?:?]
at
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
~[?:?]
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
~[?:?]
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
~[?:?]
at
repackaged.com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:151)
~[?:?]
at
repackaged.com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:84)
~[?:?]
at
repackaged.com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1012)
~[?:?]
at
repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
~[?:?]
at
repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
~[?:?]
at
repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
~[?:?]
at
repackaged.com.google.cloud.translate.spi.v2.HttpTranslateRpc.translate(HttpTranslateRpc.java:112)
~[?:?]
at
repackaged.com.google.cloud.translate.TranslateImpl$4.call(TranslateImpl.java:124)
~[?:?]
at
repackaged.com.google.cloud.translate.TranslateImpl$4.call(TranslateImpl.java:121)
~[?:?]
at
repackaged.com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:103)
~[?:?]
at repackaged.com.google.cloud.RetryHelper.run(RetryHelper.java:76)
~[?:?]
at
repackaged.com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:50)
~[?:?]
at
repackaged.com.google.cloud.translate.TranslateImpl.translate(TranslateImpl.java:120)
~[?:?]
... 17 more
What we have tried to address this problem without success:
* Locating the jar file in different places: in a module dir, in the
main lib dir of the installation, in the lib dir of a collection.
The exception is the same in all cases.
* Changing the security.policy file in solr/server/etc and adding
permissions like this:
permission java.net.SocketPermission
"translation.googleapis.com", "connect,resolve";
permission java.net.SocketPermission
"translation.googleapis.com:443", "connect,resolve";
For reference, we have tried all of the aforementioned locations of
the jar file with both the original and the modified security.policy
files.
Does anyone have any suggestions on what additional / different steps
are necessary to allow such calls?
Thanks in advance for any input or pointers to relevant documentation
that we may have missed!
Best regards,
Alex
