diff --git a/src/main/assemblies/plugin.xml b/src/main/assemblies/plugin.xml
index b2ef90033616b8aa8da45ce60b25a227f461d694..8b6fa5943b997cca5d6a1638177b4e470488ece1 100644
--- a/src/main/assemblies/plugin.xml
+++ b/src/main/assemblies/plugin.xml
@@ -18,6 +18,11 @@
true
+
+ ${project.basedir}/src/main/resources/plugin-security.policy
+
+ true
+
diff --git a/src/main/java/org/wltea/analyzer/dic/Dictionary.java b/src/main/java/org/wltea/analyzer/dic/Dictionary.java
index 4e077ce2c844129b12498e774bea40cc55878285..33105be6540ed2c1274aae3633b5410ec60d3d59 100644
--- a/src/main/java/org/wltea/analyzer/dic/Dictionary.java
+++ b/src/main/java/org/wltea/analyzer/dic/Dictionary.java
@@ -36,6 +36,8 @@ import java.nio.file.Files;
import java.nio.file.FileVisitResult;
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.*;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
@@ -47,6 +49,7 @@ import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
+import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.logging.ESLoggerFactory;
import org.elasticsearch.plugin.analysis.ik.AnalysisIkPlugin;
@@ -439,10 +442,17 @@ public class Dictionary {
}
+ private static List getRemoteWords(String location) {
+ SpecialPermission.check();
+ return AccessController.doPrivileged((PrivilegedAction>) () -> {
+ return getRemoteWordsUnprivileged(location);
+ });
+ }
+
/**
* 从远程服务器上下载自定义词条
*/
- private static List getRemoteWords(String location) {
+ private static List getRemoteWordsUnprivileged(String location) {
List buffer = new ArrayList();
RequestConfig rc = RequestConfig.custom().setConnectionRequestTimeout(10 * 1000).setConnectTimeout(10 * 1000)
diff --git a/src/main/java/org/wltea/analyzer/dic/Monitor.java b/src/main/java/org/wltea/analyzer/dic/Monitor.java
index fb5355c72c07deb653580373825526390b8c5819..f82064777e8cd8713ae9e0b9fcc20dd45af7183f 100644
--- a/src/main/java/org/wltea/analyzer/dic/Monitor.java
+++ b/src/main/java/org/wltea/analyzer/dic/Monitor.java
@@ -1,6 +1,8 @@
package org.wltea.analyzer.dic;
import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
@@ -8,6 +10,7 @@ import org.apache.http.client.methods.HttpHead;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.logging.log4j.Logger;
+import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.logging.ESLoggerFactory;
public class Monitor implements Runnable {
@@ -34,6 +37,15 @@ public class Monitor implements Runnable {
this.last_modified = null;
this.eTags = null;
}
+
+ public void run() {
+ SpecialPermission.check();
+ AccessController.doPrivileged((PrivilegedAction) () -> {
+ this.runUnprivileged();
+ return null;
+ });
+ }
+
/**
* 监控流程:
* ①向词库服务器发送Head请求
@@ -43,7 +55,7 @@ public class Monitor implements Runnable {
* ⑤休眠1min,返回第①步
*/
- public void run() {
+ public void runUnprivileged() {
//超时设置
RequestConfig rc = RequestConfig.custom().setConnectionRequestTimeout(10*1000)
diff --git a/src/main/resources/plugin-security.policy b/src/main/resources/plugin-security.policy
new file mode 100644
index 0000000000000000000000000000000000000000..55d759a3c15fd51e5f0da2b111413525bf7c06a2
--- /dev/null
+++ b/src/main/resources/plugin-security.policy
@@ -0,0 +1,4 @@
+grant {
+ // needed because of the hot reload functionality
+ permission java.net.SocketPermission "*", "connect,resolve";
+};
\ No newline at end of file