java.security.AccessControlException: access denied

UltraMax · May 10, 2022, 2:00pm

I’m using SonarQube sonarqube-9.4.0.54424 for Linux and embedding pligin there. The JBC SonarQube plugin is a Temenos extension to provide support for JBC language analysis.
When I run SonarQube it gives an exception

java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/conf" "write")

I tried to solve it using

/etc/java-11-openjdk/security/java.policy
adding there smth like

grant {
    // SonarQube plugin allow
    permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk8/-", "read,write";
};

but this did not help I tried also

permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/conf", "read,write";
or
permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/*", "read,write";
That did not help

I even tried this

permission java.security.AllPermission;
but in this case ElasticSearch gives an error

ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch. bootstrap check failure [1] of [1]: granting the all permission effectively disables security ERROR: Elasticsearch did not exit normally - check the logs at /opt/sonarqube/logs/sonarqube.log

I wonder - how can I allow JDK to create a file there?

In the plugin’s documentation there are requirements

Version higher than 7.8 requires Java 11+
Download | SonarQube
SonarQube scanner 3.X and higher or Maven 3 depending on the analysis mode used.
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
There is no compatibility matrix between SonarQube and SonarScanner
Sonar scanner version compatibility check
Oracle JDK 8 (a JRE is sufficient for SQ but JDK is required for JBC compilation to Java).
https://docs.sonarqube.org/display/SONAR/Requirements

Is it possible that I use openjdk version “11.0.14.1” 2022-02-08 and have no any Oracle JDK 8? I wonder how it’s supposed to use 2 different version of Java (11 and 1.8)?

ganncamp · May 11, 2022, 7:20am

Hi,

Welcome to the community!

You should really contact the plugin’s vendor / maintainers about this.

HTH,
Ann

UltraMax · May 12, 2022, 2:19pm

I was able to solve the issue by just downgrading SonarQube from 9.4 to 8.9.8 LTS version of the application
Now all the stuff is created where it needs to be created even without modifying /etc/java-11-openjdk/security/java.policy

    pwd
    /opt/sonarqube-8.9.8.54436/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF
    ls -l
    total 20
    drwxr-xr-x 2 sonarqube sonarqube 4096 May 12 16:58 conf
    drwxr-xr-x 4 sonarqube sonarqube 4096 May 12 16:58 lib
    drwxr-xr-x 3 sonarqube sonarqube 4096 May 12 16:58 log
    drwxr-xr-x 3 sonarqube sonarqube 4096 May 12 16:58 log_T24
    -rw-r--r-- 1 sonarqube sonarqube    1 May 12 16:58 uid
    -rw-r--r-- 1 sonarqube sonarqube    0 May 12 16:58 uid_lock