The way jackson-databind is being used, is that it always uses reflection to suppress access checking in order to deserialise into the geoip2 model classes. This doesn't have to be way and jackson-databind can also be used without suppressing access checks. The jackson-databind's ObjectMapper needs be configured to not overwrite access modifiers ObjectMapper#configure(MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS, false) and the model classes would then also need to have public getters/setters or public constructors. I'm wondering if using reflection to suppress access checking was chosen for a particular reason. It would be great if geoip2-java can be used without the suppressAccessChecks permission.
We're currently developing a pipeline framework to enrich data before indexing:
elastic/elasticsearch#14049
and are using geoip for geo lookups: https://github.com/elastic/elasticsearch/blob/feature/ingest/plugins/ingest/src/main/java/org/elasticsearch/ingest/processor/geoip/GeoIpProcessor.java#L47
Elasticsearch runs with the security manager enabled and doesn't allow suppressing access checks. Because this pipeline framework is a plugin we can specifically allow it in specifically privilege code blocks, but we prefer to use geoip2 without setting the suppressAccessChecks privilege at all.
The way jackson-databind is being used, is that it always uses reflection to suppress access checking in order to deserialise into the geoip2 model classes. This doesn't have to be way and jackson-databind can also be used without suppressing access checks. The jackson-databind's
ObjectMapperneeds be configured to not overwrite access modifiersObjectMapper#configure(MapperFeature.CAN_OVERRIDE_ACCESS_MODIFIERS, false)and the model classes would then also need to have public getters/setters or public constructors. I'm wondering if using reflection to suppress access checking was chosen for a particular reason. It would be great if geoip2-java can be used without thesuppressAccessCheckspermission.We're currently developing a pipeline framework to enrich data before indexing:
elastic/elasticsearch#14049
and are using geoip for geo lookups: https://github.com/elastic/elasticsearch/blob/feature/ingest/plugins/ingest/src/main/java/org/elasticsearch/ingest/processor/geoip/GeoIpProcessor.java#L47
Elasticsearch runs with the security manager enabled and doesn't allow suppressing access checks. Because this pipeline framework is a plugin we can specifically allow it in specifically privilege code blocks, but we prefer to use geoip2 without setting the
suppressAccessChecksprivilege at all.