Policy policy = readPolicy(policyFile.toUri().toURL(), getCodebaseJarMap(codebases));
/** * Initializes SecurityManager for the environment * Can only happen once! * @param environment configuration for generating dynamic permissions * @param filterBadDefaults true if we should filter out bad java defaults in the system policy. */ static void configure(Environment environment, boolean filterBadDefaults) throws IOException, NoSuchAlgorithmException { // enable security policy: union of template and environment-based paths, and possibly plugin permissions Map<String, URL> codebases = getCodebaseJarMap(JarHell.parseClassPath()); Policy.setPolicy(new ESPolicy(codebases, createPermissions(environment), getPluginPermissions(environment), filterBadDefaults)); // enable security manager final String[] classesThatCanExit = new String[]{ // SecureSM matches class names as regular expressions so we escape the $ that arises from the nested class name ElasticsearchUncaughtExceptionHandler.PrivilegedHaltAction.class.getName().replace("$", "\\$"), Command.class.getName()}; System.setSecurityManager(new SecureSM(classesThatCanExit)); // do some basic tests selfTest(); }
policies.add(Security.readPolicy(policyFile, Security.getCodebaseJarMap(codebases)));
Policy policy = readPolicy(policyFile.toUri().toURL(), getCodebaseJarMap(codebases));
Policy policy = readPolicy(policyFile.toUri().toURL(), getCodebaseJarMap(codebases));
/** * Initializes SecurityManager for the environment * Can only happen once! * @param environment configuration for generating dynamic permissions * @param filterBadDefaults true if we should filter out bad java defaults in the system policy. */ static void configure(Environment environment, boolean filterBadDefaults) throws IOException, NoSuchAlgorithmException { // enable security policy: union of template and environment-based paths, and possibly plugin permissions Map<String, URL> codebases = getCodebaseJarMap(JarHell.parseClassPath()); Policy.setPolicy(new ESPolicy(codebases, createPermissions(environment), getPluginPermissions(environment), filterBadDefaults)); // enable security manager final String[] classesThatCanExit = new String[]{ // SecureSM matches class names as regular expressions so we escape the $ that arises from the nested class name ElasticsearchUncaughtExceptionHandler.PrivilegedHaltAction.class.getName().replace("$", "\\$"), Command.class.getName()}; System.setSecurityManager(new SecureSM(classesThatCanExit)); // do some basic tests selfTest(); }
/** * Initializes SecurityManager for the environment * Can only happen once! * @param environment configuration for generating dynamic permissions * @param filterBadDefaults true if we should filter out bad java defaults in the system policy. */ static void configure(Environment environment, boolean filterBadDefaults) throws IOException, NoSuchAlgorithmException { // enable security policy: union of template and environment-based paths, and possibly plugin permissions Map<String, URL> codebases = getCodebaseJarMap(JarHell.parseClassPath()); Policy.setPolicy(new ESPolicy(codebases, createPermissions(environment), getPluginPermissions(environment), filterBadDefaults)); // enable security manager final String[] classesThatCanExit = new String[]{ // SecureSM matches class names as regular expressions so we escape the $ that arises from the nested class name ElasticsearchUncaughtExceptionHandler.PrivilegedHaltAction.class.getName().replace("$", "\\$"), Command.class.getName()}; System.setSecurityManager(new SecureSM(classesThatCanExit)); // do some basic tests selfTest(); }