From 906311b30285bfdb1c344ef4c459f11fd56ae526 Mon Sep 17 00:00:00 2001 From: eyalkoren <41850454+eyalkoren@users.noreply.github.com> Date: Mon, 5 Dec 2022 16:47:58 +0200 Subject: [PATCH 1/2] Update docs with support for SecurityManager --- docs/setup.asciidoc | 22 ++++++++++++++++++++++ docs/supported-technologies.asciidoc | 3 --- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/docs/setup.asciidoc b/docs/setup.asciidoc index 0cd28b8051..68c8409216 100644 --- a/docs/setup.asciidoc +++ b/docs/setup.asciidoc @@ -36,6 +36,28 @@ If {apm-guide-ref}/agent-tls.html[SSL/TLS communication] is enabled on the APM S Learn how to set up AWS Lambda functions tracing in our <>. +[float] +[[security-manager]] +=== Using with Security Manager enabled + +The agent should work as expected on JVMs with an enabled `SecurityManager`, provided that it is granted with `java.security.AllPermission`. +Make sure that the following snippet is added to an effective* policy (replace with the real path** to the agent jar): +``` +grant codeBase "file:" { + permission java.security.AllPermission; +}; +``` +If you see a `java.lang.SecurityException` exception (for example a - `java.security.AccessControlException`) after verifying the above +`grant` snippet is effectively applied, open an issue in our https://github.com/elastic/apm-agent-java[GitHub repo] with a description +and the full stack trace. + +\* it is possible to have multiple policy files taking effect at the same time on a single JVM. The policy entry above can be added to an +existing policy or can be appended through the `java.security.policy` system property. See +https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html[documentation] for more details. + +\** you can make use of the https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#PropertyExp[property +expansion] capability for specifying the agent jar path. + [float] [[supported-technologies]] === Supported technologies diff --git a/docs/supported-technologies.asciidoc b/docs/supported-technologies.asciidoc index c9b3d02484..674ff1fb39 100644 --- a/docs/supported-technologies.asciidoc +++ b/docs/supported-technologies.asciidoc @@ -736,6 +736,3 @@ If you are seeing gaps in the span timeline and want to include additional metho [[supported-technologies-caveats]] === Caveats * Other JVM languages, like Scala, Kotlin and Groovy have not been tested yet. -* The agent does currently not support running on JVMs with an enabled `SecurityManager`. - You may see exceptions like this: `java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getProtectionDomain")`. - Try to grant `java.security.AllPermission` to the agent. From 7f9df42d6c14aab59c50f974d9fa49c2ee6de3db Mon Sep 17 00:00:00 2001 From: eyalkoren <41850454+eyalkoren@users.noreply.github.com> Date: Mon, 5 Dec 2022 17:10:50 +0200 Subject: [PATCH 2/2] Fix asterik escaping --- docs/setup.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/setup.asciidoc b/docs/setup.asciidoc index 68c8409216..92c6b2ab2e 100644 --- a/docs/setup.asciidoc +++ b/docs/setup.asciidoc @@ -51,11 +51,11 @@ If you see a `java.lang.SecurityException` exception (for example a - `java.secu `grant` snippet is effectively applied, open an issue in our https://github.com/elastic/apm-agent-java[GitHub repo] with a description and the full stack trace. -\* it is possible to have multiple policy files taking effect at the same time on a single JVM. The policy entry above can be added to an -existing policy or can be appended through the `java.security.policy` system property. See +{empty}* it is possible to have multiple policy files taking effect at the same time on a single JVM. The policy entry above can be added +to an existing policy or can be appended through the `java.security.policy` system property. See https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html[documentation] for more details. -\** you can make use of the https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#PropertyExp[property +{empty}** you can make use of the https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#PropertyExp[property expansion] capability for specifying the agent jar path. [float]