Java 9 build 148 causes trouble in Apache Lucene/Solr/Elasticsearch

Eric Johnson eric at tibco.com
Sat Dec 10 06:42:01 UTC 2016


On 12/9/16 3:21 PM, Uwe Schindler wrote:
> The -Dsun.reflect.debugModuleAccessChecks=true options help to debug, indeed, but it does not solve the underlying issue. Apache Solr/Lucene and Elasticsearch will no longer work with Java 9 unless you require users to add those strange options. Elasticsearch already runs with a SecurityManager by default, so the question is: why is this not handled by a security manager and a new permission like "crossModuleAccess/module/package"? Why must it be done on command line? This makes it impossible to ship something like Lucene that it work out of box together with correct policy files?
I've asked the question multiple times on this list, about what the
threat model analysis is behind this new level of runtime "security".

Alas, no answers so far.

Eric.



More information about the jigsaw-dev mailing list