
PG-10: invoking a UDF reports 'java.lang.SecurityException: read on /path/to/pljava-1.5.7.jar' #508

@ZhangHuiGui

Description

@ZhangHuiGui

Background information

os-version: centos-7.0 with 4.14.105-19-0024
pg-version: pg-10
pljava-version: 1.5.7

jvm-options:

pljava.vmoptions = '-Djava.security.manager,-Djava.security.policy=/data/TEST/backup_env/jdk/jre/lib/security/java.policy'
pljava.classpath = '/data/TEST/backup_env/jdk/lib/pljava-1.5.7.jar'

java.policy (with the pljava-1.5.7.jar path added to it):

// Grants every permission to code loaded from the JVM extension directories
// (java.ext.dirs).
grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
};

// NOTE(review): this grant has no codeBase or signedBy clause, so it applies
// to all code from any source, and AllPermission implies every other
// permission. With this entry present the policy file confines nothing and
// the individual permissions in the block below are redundant. If it was added
// only while debugging, remove it afterwards; if specific code must be
// trusted, scope the grant with a codeBase for that code, as the first entry
// does.
grant {
  permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
        // Allows any thread to stop itself using the java.lang.Thread.stop()
        // method that takes no argument.
        // Note that this permission is granted by default only to remain
        // backwards compatible.
        // It is strongly recommended that you either remove this permission
        // from this policy file or further restrict it to code sources
        // that you specify, because Thread.stop() is potentially unsafe.
        // See the API specification of java.lang.Thread.stop() for more
        // information.
        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on dynamic ports
        permission java.net.SocketPermission "localhost:0", "listen";

        // "standard" properties that can be read by anyone

        permission java.util.PropertyPermission "java.version", "read";
        permission java.util.PropertyPermission "java.vendor", "read";
        permission java.util.PropertyPermission "java.vendor.url", "read";
        permission java.util.PropertyPermission "java.class.version", "read";
        permission java.util.PropertyPermission "os.name", "read";
        permission java.util.PropertyPermission "os.version", "read";
        permission java.util.PropertyPermission "os.arch", "read";
        permission java.util.PropertyPermission "file.separator", "read";
        permission java.util.PropertyPermission "path.separator", "read";
        permission java.util.PropertyPermission "line.separator", "read";

        permission java.util.PropertyPermission "java.specification.version", "read";
        permission java.util.PropertyPermission "java.specification.maintenance.version", "read";
        permission java.util.PropertyPermission "java.specification.vendor", "read";
        permission java.util.PropertyPermission "java.specification.name", "read";

        permission java.util.PropertyPermission "java.vm.specification.version", "read";
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
        permission java.util.PropertyPermission "java.vm.specification.name", "read";
        permission java.util.PropertyPermission "java.vm.version", "read";
        permission java.util.PropertyPermission "java.vm.vendor", "read";
        permission java.util.PropertyPermission "java.vm.name", "read";

        permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read";
        // Read access to the PL/Java jar, added by the reporter for this issue.
        // NOTE(review): the reported SecurityException names this same file even
        // though read access is granted here and AllPermission is granted
        // above, which suggests the failing check does not consult this policy
        // file. The debug log's "Using SecurityManager for trusted language"
        // line points at PL/Java's own security manager instead (TODO confirm
        // against the PL/Java 1.5 documentation).
        permission java.io.FilePermission "/data/TEST/backup_env/jdk/lib/pljava-1.5.7.jar", "read";
};

Basic operation:

export CLASSPATH=/data/home/hugoozhang/source/TBase-V3.0/build/tdsqla/share/postgresql/pljava/:.:/data/home/hugoozhang/source/ft_local/jdk/lib/dt.jar:/data/home/hugoozhang/source/ft_local/jdk/lib/tools.jar
-- Install the PL/Java extension in the current database.
create extension pljava;
-- Tell PL/Java where the JVM shared library lives. A per-database setting is
-- picked up by sessions started after this statement.
alter database postgres set pljava.libjvm_location='/data/home/hugoozhang/source/ft_local/jdk/jre/lib/amd64/server/libjvm.so';
-- Ask the server to re-read its configuration files.
select pg_reload_conf();
-- Declare the SQL wrapper for the Java method
-- com.hihonor.udf.PrivacyDecryption.decrypt.
-- LANGUAGE JAVA is PL/Java's trusted (sandboxed) language; the untrusted one is
-- declared as javaU. NOTE(review): the debug log reports "Using SecurityManager
-- for trusted language", so the file-read denial presumably comes from that
-- sandbox. Confirm before loosening anything, and keep the function trusted
-- unless the Java code genuinely needs file system access.
-- NOTE(review): IMMUTABLE lets the planner pre-evaluate calls with constant
-- arguments. That is only correct if decrypt depends on nothing but its
-- argument (no external key material or state), so verify against the UDF.
CREATE FUNCTION privacy_decrypt(VARCHAR)
    RETURNS VARCHAR IMMUTABLE
    AS 'com.hihonor.udf.PrivacyDecryption.decrypt'
LANGUAGE JAVA;
-- Load the UDF jar into the database under the name test_udf; the third
-- argument (true) requests deployment of the jar's descriptor, if it has one.
-- NOTE(review): the quote opening test_udf is a backtick, which does not start
-- a SQL string literal. This is presumably a transcription typo in the report
-- for 'test_udf'.
select sqlj.install_jar('file:/path/to/test_udf-1.0.jar', `test_udf', true);
-- Put the installed jar on the class path used for schema public.
select sqlj.set_classpath('public', 'test_udf');

-- Display the effective PL/Java settings for this session.
show pljava.libjvm_location;
show pljava.classpath;

# UDF in an independent jar
-- Call the UDF that was declared with LANGUAGE JAVA; this is the statement that
-- fails with the java.lang.SecurityException shown on the next line.
select public.privacy_decrypt('bj1#cn#408b48edd19dfc417305153b5ee4be8f');
ERROR:  (XX000) java.lang.SecurityException: read on /data/tbase/backup_env/jdk/lib/pljava-1.5.7.jar

Debug log

2024-11-26 14:14:39.461 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",44,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"find_in_dynamic_libpath: trying ""/data/TEST/user_1/tdata_00/cdwpg-qooqmt1n/3.16.9.1/install/TEST_pgxz/lib/postgresql/libpljava-so-1.5.7""",,,,,,,,,"psql"
2024-11-26 14:14:39.461 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",45,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"find_in_dynamic_libpath: trying ""/data/TEST/user_1/tdata_00/cdwpg-qooqmt1n/3.16.9.1/install/TEST_pgxz/lib/postgresql/libpljava-so-1.5.7.so""",,,,,,,,,"psql"
2024-11-26 14:14:39.471 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",46,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Added JVM option string ""-Djava.security.manager,-Djava.security.policy=/data/TEST/backup_env/jdk/jre/lib/security/java.policy""",,,,,,,,,"psql"
2024-11-26 14:14:39.471 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",47,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Added JVM option string ""-Dvisualvm.display.name=PL/Java:312425:datalake""",,,,,,,,,"psql"
2024-11-26 14:14:39.471 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",48,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Added JVM option string ""vfprintf""",,,,,,,,,"psql"
2024-11-26 14:14:39.471 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",49,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Added JVM option string ""-Xrs""",,,,,,,,,"psql"

2024-11-26 14:14:39.472 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",51,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"creating Java virtual machine",,,,,,,,,"psql"
2024-11-26 14:14:39.516 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",52,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"successfully created Java virtual machine",,,,,,,,,"psql"
2024-11-26 14:14:39.516 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",53,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"checking for a PL/Java Backend class on the given classpath",,,,,,,,,"psql"
2024-11-26 14:14:39.526 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",54,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"successfully loaded Backend class",,,,,,,,,"psql"
2024-11-26 14:14:39.746 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",55,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"PL/Java loaded","versions:
PL/Java native code (1.5.7)
PL/Java common code (1.5.7)
Built for (PostgreSQL 10.0 @ TEST_v3.16.9.1 (commit: c17de220c) 2024-11-15 09:03:25 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 7.3.0, 64-bit)
Loaded in (PostgreSQL 10.0 @ TEST_v3.16.9.1 (commit: c17de220c) 2024-11-15 09:03:25 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 7.3.0, 64-bit)
OpenJDK Runtime Environment (1.8.0_352-b1)
OpenJDK 64-Bit Server VM (25.352-b1, mixed mode, sharing)",,,,,,,,"psql"
2024-11-26 14:14:39.752 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",56,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"26 十一月 24 14:14:39 org.postgresql.pljava.internal.Backend Using SecurityManager for trusted language",,,,,,,,,"psql"
2024-11-26 14:14:39.762 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",57,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"className = 'com.hihonor.udf.PrivacyDecryption', methodName = 'decrypt', parameters = 'null', returnType = 'null'",,,,,,,,,"psql"
2024-11-26 14:14:39.762 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",58,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"26 十一月 24 14:14:39 org.postgresql.pljava.sqlj.Loader Creating typeMappings for schema public",,,,,,,,,"psql"
2024-11-26 14:14:39.841 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",6669,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Loading class com.hihonor.udf.PrivacyDecryption",,,,,,,,,"psql"
2024-11-26 14:14:39.844 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",6682,"SELECT",2024-11-26 14:14:36 CST,21/465,0,DEBUG,00000,"Obtaining method com.hihonor.udf.PrivacyDecryption.decrypt (Ljava/lang/String;)Ljava/lang/String;",,,,,,,,,"psql"

2024-11-26 14:14:39.858 CST,"NC8441_465_0_0_0_0","TEST","datalake",312425,"coord(312425,465)","9.0.23.5:61858",6745674c.4c469,"coord(312425,465)","coord(0,0)",6708,"SELECT",2024-11-26 14:14:36 CST,21/465,0,LOG,00000,"An error occurred while calling the function, msg:java.lang.SecurityException: read on /data/TEST/backup_env/jdk/lib/pljava-1.5.7.jar",,,,,,"select public.privacy_decrypt('bj1#cn#408b48edd19dfc417305153b5ee4be8f');",,,"psql"

It seems to be a problem caused by environment configuration, but I don’t know much about the Java-related system. Any feasible suggestions?

Best wishes.
