Thanks for posting this solution!
Rather than modifying the default.policy file, I've taken the security.policy from the Elasticsearch repo and added the following to the existing grant section at the end of the file (right before the last } character):
// perms needed by sonarqube ES
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm";
permission java.lang.RuntimePermission "accessDeclaredMembers";
I assume that the policy from Elasticsearch is the right one - I found it in this blog post: Mitigate Log4j / Log4Shell in Elasticsearch (CVE-2021-44228).
I then changed sonar.properties to use this security policy in the Elasticsearch process:
sonar.search.javaAdditionalOpts=-Djava.security.policy=/opt/sonarqube/elasticsearch/config/security.policy
I did this because I figured that it was less likely to get overwritten by updates in the future and was easier to manage from my Ansible playbook. I’m posting here in case it helps someone else in the future.
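The two edits described in the post (inserting permission lines before the closing brace of the last grant block, and pointing sonar.search.javaAdditionalOpts at the policy) are easy to get wrong when automated, because re-running a naive append duplicates the lines. The script below is an added example, not the poster's Ansible code or anything from the SonarQube or Elasticsearch projects. It applies both changes idempotently to text read from the files; the sample policy and properties content it runs on are constructed for illustration, and the file paths are only the ones quoted in the post.

```python
"""Idempotently add Java permissions to the last grant block of a
security.policy file and set a key in sonar.properties.
Added example; not code from the original post or from SonarQube/Elasticsearch."""
import re
from pathlib import Path

# The two permission lines quoted in the post.
PERMISSIONS = [
    'permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.org.objectweb.asm";',
    'permission java.lang.RuntimePermission "accessDeclaredMembers";',
]
COMMENT = "// perms needed by sonarqube ES"

# Property and value quoted in the post.
PROP_KEY = "sonar.search.javaAdditionalOpts"
PROP_VALUE = "-Djava.security.policy=/opt/sonarqube/elasticsearch/config/security.policy"

# Constructed sample policy (NOT the real Elasticsearch security.policy).
SAMPLE_POLICY = """\
// constructed sample policy
grant {
    permission java.net.SocketPermission "*", "accept,connect";
};
"""

# Constructed sample properties fragment with the key commented out.
SAMPLE_PROPS = "#sonar.search.javaAdditionalOpts=\nsonar.web.port=9000\n"


def add_permissions(policy_text: str, perms=PERMISSIONS, comment=COMMENT) -> str:
    """Return policy_text with any missing permission lines inserted right
    before the closing '};' of the last grant block. Lines already present
    are skipped, so applying the function twice changes nothing."""
    missing = [p for p in perms if p not in policy_text]
    if not missing:
        return policy_text
    brace = policy_text.rfind("};")
    if brace == -1:
        raise ValueError("no grant block found in policy text")
    # Reuse the indentation of the last existing permission line, if any.
    indents = re.findall(r"^([ \t]*)permission ", policy_text, flags=re.M)
    indent = indents[-1] if indents else "    "
    new_lines = missing if comment in policy_text else [comment] + missing
    block = "".join(f"{indent}{line}\n" for line in new_lines)
    return policy_text[:brace] + block + policy_text[brace:]


def set_property(props_text: str, key: str, value: str) -> str:
    """Set key=value in Java properties text. An existing assignment, even a
    commented-out one ('#key=...'), is replaced in place; otherwise the
    line is appended."""
    pattern = re.compile(rf"^#?\s*{re.escape(key)}\s*=.*$", re.M)
    line = f"{key}={value}"
    if pattern.search(props_text):
        return pattern.sub(lambda _m: line, props_text, count=1)
    sep = "" if (not props_text or props_text.endswith("\n")) else "\n"
    return props_text + sep + line + "\n"


def apply_to_files(policy_path: Path, props_path: Path) -> bool:
    """Rewrite both files on disk; return True if either file changed."""
    changed = False
    for path, fn in ((policy_path, add_permissions),
                     (props_path, lambda t: set_property(t, PROP_KEY, PROP_VALUE))):
        before = path.read_text()
        after = fn(before)
        if after != before:
            path.write_text(after)
            changed = True
    return changed


if __name__ == "__main__":
    # Demonstrate on the constructed samples without touching real files.
    print(add_permissions(SAMPLE_POLICY))
    print(set_property(SAMPLE_PROPS, PROP_KEY, PROP_VALUE))
```

Pointing apply_to_files at the real paths gives the same "changed / unchanged" signal an Ansible task reports, which is what makes the run safe to repeat on every deploy.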