I am executing from my java application the following code using elasticsearch java api 5.6.10, I am execute an update using and use the groovy script inline
bulkRequest.add(
transportClient
.prepareUpdate(indexName, ResultType.RESULT.toString(), (String) obj.get("id"))
.setScript(new Script(ScriptType.INLINE,"groovy",script,params))
.setScriptedUpsert(true)
.setRetryOnConflict(configuration.db().saveMaxRetry())
.setUpsert(obj));
}
BulkResponse response = bulkRequest.execute().actionGet();
I am receiving the following error in elasticsearch cluster log:
fatal error in thread [elasticsearch[database-esearch-0][bulk][T#1]], exiting
org.codehaus.groovy.GroovyBugError: BUG! exception in phase 'semantic analysis' in source unit '0df6e095bd738a851cfed336c5e607ecfe1d3cd7' access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at org.codehaus.groovy.control.CompilationUnit.applyToSourceUnits(CompilationUnit.java:935) ~[?:?]
at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:593) ~[?:?]
at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:542) ~[?:?]
at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:298) ~[?:?]
at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:268) ~[?:?]
at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:254) ~[?:?]
at org.elasticsearch.script.groovy.GroovyScriptEngineService.lambda$compile$1(GroovyScriptEngineService.java:162) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_171]
at org.elasticsearch.script.groovy.GroovyScriptEngineService.compile(GroovyScriptEngineService.java:149) ~[?:?]
at org.elasticsearch.script.ScriptService.compile(ScriptService.java:307) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.update.UpdateHelper.executeScript(UpdateHelper.java:258) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.update.UpdateHelper.prepare(UpdateHelper.java:106) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.update.UpdateHelper.prepare(UpdateHelper.java:82) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeUpdateRequest(TransportShardBulkAction.java:277) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeBulkItemRequest(TransportShardBulkAction.java:162) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:115) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:70) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:975) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:944) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.ReplicationOperation.execute(ReplicationOperation.java:113) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:345) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:270) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:924) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:921) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.index.shard.IndexShardOperationsLock.acquire(IndexShardOperationsLock.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.index.shard.IndexShard.acquirePrimaryOperationLock(IndexShard.java:1659) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction.acquirePrimaryShardReference(TransportReplicationAction.java:933) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction.access$500(TransportReplicationAction.java:92) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.doRun(TransportReplicationAction.java:291) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:266) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:248) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:644) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:638) ~[elasticsearch-5.6.3.jar:5.6.3]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-5.6.3.jar:5.6.3]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_171]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_171]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_171]
at java.lang.Class.checkMemberAccess(Class.java:2348) ~[?:1.8.0_171]
at java.lang.Class.getDeclaredFields(Class.java:1915) ~[?:1.8.0_171]
at org.codehaus.groovy.vmplugin.v5.Java5.configureClassNode(Java5.java:356) ~[?:?]
at org.codehaus.groovy.ast.ClassNode.lazyClassInit(ClassNode.java:265) ~[?:?]
at org.codehaus.groovy.ast.ClassNode.getUnresolvedSuperClass(ClassNode.java:1004) ~[?:?]
at org.codehaus.groovy.ast.ClassNode.getUnresolvedSuperClass(ClassNode.java:999) ~[?:?]
at org.codehaus.groovy.control.ResolveVisitor.checkCyclicInheritence(ResolveVisitor.java:1284) ~[?:?]
at org.codehaus.groovy.control.ResolveVisitor.checkCyclicInheritence(ResolveVisitor.java:1284) ~[?:?]
at org.codehaus.groovy.control.ResolveVisitor.checkCyclicInheritence(ResolveVisitor.java:1284) ~[?:?]
at org.codehaus.groovy.control.ResolveVisitor.visitClass(ResolveVisitor.java:1261) ~[?:?]
at org.codehaus.groovy.control.ResolveVisitor.startResolving(ResolveVisitor.java:178) ~[?:?]
at org.codehaus.groovy.control.CompilationUnit$11.call(CompilationUnit.java:651) ~[?:?]
at org.codehaus.groovy.control.CompilationUnit.applyToSourceUnits(CompilationUnit.java:931) ~[?:?]
... 38 more
The groovy code that I am trying to execute through elasticsearch java api is the following:
if (ctx._source.output) {
ctx._source.count += amount;
} else {
def data = ctx._source.key;
def single = [:];
for (entry in data) {
outputs = colOutputs[entry.key];
types = colTypes[entry.key];
collectorName = collectorNames[entry.key];
i = 0;
for (val in entry.value) {
def value;
if (types[i].equalsIgnoreCase('number')) {
try {
value = val as long;
} catch (java.lang.NumberFormatException e) {
try {
val = val.replace(',', '.');
value = val as double;
} catch (java.lang.NumberFormatException ex) {
value = null;
};
};
} else if (types[i].equalsIgnoreCase('date')) {
try {
if(val.indexOf(".") != -1) {
value = Date.parse('yyyy-MM-dd HH:mm:ss.SSSz', val + 'UTC');
}
else {
value = Date.parse('yyyy-MM-dd HH:mm:ssz', val + 'UTC');
}
} catch (java.text.ParseException e) {
value = null;
};
} else {
value = val;
};
single.(collectorName + '|' + outputs[i++]) = value;
};
};
ctx._source.output = single;
ctx._source.remove('key');
};
This problem was fixed adding the followings lines:
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
in /usr/share/elasticsearch/modules/lang-groovy/plugin-security.policy