I’m getting some strenge java error logs on elasticsearch
[2018-02-12T15:26:01,492][ERROR][t.b.r.a.d.l.u.UnboundidAuthenticationLdapClient] LDAP getting user operation failed. LDAPSearchException: An error occurred while attempting to connect to server :389: java.io.IOException: LDAPException(resultCode=91 (connect er
ror), errorMessage='An error occurred while attempting to establish a connection to server 172.16.1.1:389: AccessControlException(message='access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")', trace='checkPermission(AccessCo
ntrolContext.java:472) / checkPermission(AccessController.java:884) / checkPermission(SecurityManager.java:549) / checkConnect(SecurityManager.java:1051) / connect(Socket.java:584) / run(ConnectThread.java:146)', revision=24201)')
LDAPSearchException(resultCode=91 (connect error), numEntries=0, numReferences=0, errorMessage='An error occurred while attempting to connect to server xxx.com:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while
attempting to establish a connection to server 172.16.1.1:389: AccessControlException(message='access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")', trace='checkPermission(AccessControlContext.java:472) / checkPermission(Acc
essController.java:884) / checkPermission(SecurityManager.java:549) / checkConnect(SecurityManager.java:1051) / connect(Socket.java:584) / run(ConnectThread.java:146)', revision=24201)')')
at com.unboundid.ldap.sdk.AbstractConnectionPool.processRequestsAsync(AbstractConnectionPool.java:2703)
at tech.beshu.ror.acl.definitions.ldaps.unboundid.UnboundidBaseLdapClient.userById(UnboundidBaseLdapClient.java:57)
at tech.beshu.ror.acl.definitions.ldaps.unboundid.UnboundidAuthenticationLdapClient.authenticate(UnboundidAuthenticationLdapClient.java:58)
at tech.beshu.ror.acl.definitions.ldaps.caching.AuthenticationLdapClientCacheDecorator.authenticate(AuthenticationLdapClientCacheDecorator.java:71)
at tech.beshu.ror.acl.blocks.rules.impl.LdapAuthenticationAsyncRule.authenticate(LdapAuthenticationAsyncRule.java:45)
at tech.beshu.ror.acl.blocks.rules.AsyncAuthentication.match(AsyncAuthentication.java:59)
at tech.beshu.ror.acl.blocks.Block.lambda$checkAsyncRulesInSequence$4(Block.java:137)
at tech.beshu.ror.utils.FuturesSequencer.runInSeqUntilConditionIsUndone(FuturesSequencer.java:52)
at tech.beshu.ror.utils.FuturesSequencer.runInSeqUntilConditionIsUndone(FuturesSequencer.java:34)
at tech.beshu.ror.acl.blocks.Block.checkAsyncRulesInSequence(Block.java:135)
at tech.beshu.ror.acl.blocks.Block.checkAsyncRules(Block.java:125)
at tech.beshu.ror.acl.blocks.Block.check(Block.java:111)
at tech.beshu.ror.acl.ACL.lambda$doCheck$4(ACL.java:220)
at tech.beshu.ror.utils.FuturesSequencer.runInSeqUntilConditionIsUndone(FuturesSequencer.java:52)
at tech.beshu.ror.utils.FuturesSequencer.lambda$runInSeqUntilConditionIsUndone$2(FuturesSequencer.java:58)
at java.util.concurrent.CompletableFuture.uniComposeStage(CompletableFuture.java:981)
at java.util.concurrent.CompletableFuture.thenCompose(CompletableFuture.java:2124)
at tech.beshu.ror.utils.FuturesSequencer.runInSeqUntilConditionIsUndone(FuturesSequencer.java:53)
at tech.beshu.ror.utils.FuturesSequencer.runInSeqUntilConditionIsUndone(FuturesSequencer.java:41)
at tech.beshu.ror.acl.ACL.doCheck(ACL.java:216)
at tech.beshu.ror.acl.ACL.check(ACL.java:164)
at tech.beshu.ror.es.IndexLevelActionFilter.handleRequest(IndexLevelActionFilter.java:153)
at tech.beshu.ror.es.IndexLevelActionFilter.apply(IndexLevelActionFilter.java:128)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:139)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:81)
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83)
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:405)
at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:71)
at org.elasticsearch.xpack.rest.action.RestXPackInfoAction.lambda$doPrepareRequest$0(RestXPackInfoAction.java:63)
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:97)
at tech.beshu.ror.es.ReadonlyRestPlugin.lambda$null$3(ReadonlyRestPlugin.java:176)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:240)
at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:336)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:174)
at org.elasticsearch.http.netty4.Netty4HttpServerTransport.dispatchRequest(Netty4HttpServerTransport.java:497)
at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:80)
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at org.elasticsearch.http.netty4.pipelining.HttpPipeliningHandler.channelRead(HttpPipeliningHandler.java:68)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
at java.lang.Thread.run(Thread.java:748)
Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server xxx.com:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server 172.16.1.1:389: AccessControlException(message='access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")', trace='checkPermission(AccessControlContext.java:472) / checkPermission(AccessController.java:884) / checkPermission(SecurityManager.java:549) / checkConnect(SecurityManager.java:1051) / connect(Socket.java:584) / run(ConnectThread.java:146)', revision=24201)')')
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:870)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710)
at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:534)
at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1205)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1178)
at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(LDAPConnectionPool.java:1706)
at com.unboundid.ldap.sdk.AbstractConnectionPool.processRequestsAsync(AbstractConnectionPool.java:2698)
... 78 more
Caused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server 172.16.1.1:389: AccessControlException(message='access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")', trace='checkPermission(AccessControlContext.java:472) / checkPermission(AccessController.java:884) / checkPermission(SecurityManager.java:549) / checkConnect(SecurityManager.java:1051) / connect(Socket.java:584) / run(ConnectThread.java:146)', revision=24201)')
at sun.reflect.GeneratedConstructorAccessor40.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.unboundid.util.StaticUtils.createIOExceptionWithCause(StaticUtils.java:2524)
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:172)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860)
... 87 more
Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server 172.16.1.1:389: AccessControlException(message='access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")', trace='checkPermission(AccessControlContext.java:472) / checkPermission(AccessController.java:884) / checkPermission(SecurityManager.java:549) / checkConnect(SecurityManager.java:1051) / connect(Socket.java:584) / run(ConnectThread.java:146)', revision=24201)')
at com.unboundid.ldap.sdk.ConnectThread.getConnectedSocket(ConnectThread.java:240)
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:161)
... 88 more
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "172.16.1.1:389" "connect,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
at java.net.Socket.connect(Socket.java:584)
at com.unboundid.ldap.sdk.ConnectThread.run(ConnectThread.java:146)
Java policy are present, but elastic cannot connect to my ldap server.
Any idea ?