Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Hi Nick,

If you update the etc/sdc-security.policy, in the groovy section, as shown in the following, your pipeline should work.

grant codebase "file:/groovy/script" {
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.util.PropertyPermission "jdk.map.althashing.*", "read,write";
  permission java.util.PropertyPermission "groovy.json.internKeys", "read";
  permission java.util.PropertyPermission "groovy.json.faststringutils.*", "read";
};

The necessity to update the JVM permissions is expected in some cases when using the Groovy Evaluator Processor.

There is an example in StreamSets docs https://streamsets.com/documentation/datacollector/latest/help/index.html#Processors/Groovy.html#task_otr_swr_nx

I haven’t reviewed the source code of the Groovy JsonSlurper and JsonBuilder classes, but I did find an old reference to JsonSlurper using System properties. I’m betting it’s one of the reasons why the permissions need to be updated in your pipeline.

We may be able to further reduce the required permissions if the log statement is removed

log.info(new groovy.json.JsonBuilder(result).toPrettyString())

HTH,

Todd

Hi Nick,

If you update the etc/sdc-security.policy, in the groovy section, as shown in the following, your pipeline should work.

grant codebase "file:/groovy/script" {
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.util.PropertyPermission "jdk.map.althashing.*", "read,write";
  permission java.util.PropertyPermission "groovy.json.internKeys", "read";
  permission java.util.PropertyPermission "groovy.json.faststringutils.*", "read";
};

The necessity to update the JVM permissions is expected in some cases when using the Groovy Evaluator Processor.

There is an example in StreamSets docs https://streamsets.com/documentation/datacollector/latest/help/index.html#Processors/Groovy.html#task_otr_swr_nx

I haven’t reviewed the source code of the Groovy JsonSlurper and JsonBuilder classes, but I did find an old reference to JsonSlurper using System properties. I’m betting it’s one of the reasons why the permissions need to be updated in your pipeline.

We may be able to further reduce the required permissions if the log statement is removed

log.info(new groovy.json.JsonBuilder(result).toPrettyString())

HTH,

Todd