Merge branch 'master' of github.com:medcl/elasticsearch-analysis-ik

2018-07-26 10:25:44 +08:00 · 2018-07-26 10:25:44 +08:00 · 1422d5b96c
commit 1422d5b96c
parent 9fff6379ef 5190dba198
5 changed files with 36 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -37,7 +37,9 @@ Install

 * optional 1 - download pre-build package from here: https://github.com/medcl/elasticsearch-analysis-ik/releases

-    unzip plugin to folder `your-es-root/plugins/`
+    create plugin folder `cd your-es-root/plugins/ && mkdir ik`
+    
+    unzip plugin to folder `your-es-root/plugins/ik`

 * optional 2 - use elasticsearch-plugin to install ( supported from version v5.5.1 ):

--- a/src/main/assemblies/plugin.xml
+++ b/src/main/assemblies/plugin.xml
@ -18,6 +18,11 @@
            <outputDirectory/>
            <filtered>true</filtered>
        </file>
+        <file>
+            <source>${project.basedir}/src/main/resources/plugin-security.policy</source>
+            <outputDirectory/>
+            <filtered>true</filtered>
+        </file>
    </files>
    <dependencySets>
        <dependencySet>
--- a/src/main/java/org/wltea/analyzer/dic/Dictionary.java
+++ b/src/main/java/org/wltea/analyzer/dic/Dictionary.java
@ -36,6 +36,8 @@ import java.nio.file.Files;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Path;
 import java.nio.file.SimpleFileVisitor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.*;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@ -47,6 +49,7 @@ import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
+import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.plugin.analysis.ik.AnalysisIkPlugin;
@ -439,10 +442,17 @@ public class Dictionary {

 	}

+	private static List<String> getRemoteWords(String location) {
+		SpecialPermission.check();
+		return AccessController.doPrivileged((PrivilegedAction<List<String>>) () -> {
+			return getRemoteWordsUnprivileged(location);
+		});
+	}
+
 	/**
 	 * 从远程服务器上下载自定义词条
 	 */
-	private static List<String> getRemoteWords(String location) {
+	private static List<String> getRemoteWordsUnprivileged(String location) {

 		List<String> buffer = new ArrayList<String>();
 		RequestConfig rc = RequestConfig.custom().setConnectionRequestTimeout(10 * 1000).setConnectTimeout(10 * 1000)
--- a/src/main/java/org/wltea/analyzer/dic/Monitor.java
+++ b/src/main/java/org/wltea/analyzer/dic/Monitor.java
@ -1,6 +1,8 @@
 package org.wltea.analyzer.dic;

 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;

 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
@ -8,6 +10,7 @@ import org.apache.http.client.methods.HttpHead;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.logging.log4j.Logger;
+import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.common.logging.ESLoggerFactory;

 public class Monitor implements Runnable {
@ -34,6 +37,15 @@ public class Monitor implements Runnable {
 		this.last_modified = null;
 		this.eTags = null;
 	}
+
+	public void run() {
+		SpecialPermission.check();
+		AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+			this.runUnprivileged();
+			return null;
+		});
+	}
+
 	/**
 	 * 监控流程：
 	 *  ①向词库服务器发送Head请求
@ -43,7 +55,7 @@ public class Monitor implements Runnable {
 	 *  ⑤休眠1min，返回第①步
 	 */

-	public void run() {
+	public void runUnprivileged() {

 		//超时设置
 		RequestConfig rc = RequestConfig.custom().setConnectionRequestTimeout(10*1000)
--- a/src/main/resources/plugin-security.policy
+++ b/src/main/resources/plugin-security.policy
@ -0,0 +1,4 @@
+grant {
+  // needed because of the hot reload functionality
+  permission java.net.SocketPermission "*", "connect,resolve";
+};