Categories

Versions

You are viewing the RapidMiner Developers documentation for version 9.7 -Check here for latest version

Security & Restrictions

To further facilitate both a safe and reliable experience for all our users, starting with RapidMiner Studio 7.2, we introduced both ajava.lang.SecurityManagerand ajava.security.Policyto RapidMiner Studio. The respective implementations can be found in thecom.rapidminer.securitypackage. These mechanisms will prevent certain dangerous calls from specific or unknown sources, e.g. by 3rd party extensions. This means if any of the following points are violated, aSecurityExceptionwill be thrown and the call will be prevented. List of default restrictions for 3rd party extensions starting with RapidMiner Studio 7.2:

  • File deletion outside of thejava.io.tempdirfolder and the.RapidMiner/extensions/workspace/rmx_yourExtensionfolder is not permitted.
  • ReflectPermissionis not granted at all. This includes bothnewProxyInPackage.*andsuppressAccessChecks. Note that regular (non-invasive) usage of reflection is fine and still permitted!
  • NoRuntimePermissionsexcept foraccessDeclaredMembers,getenv.*,getFileSystemAttributes,readFileDescriptor,writeFileDescriptor,queuePrintJob, andshutdownHooksare granted.
  • NoAWTPermissionsexcept forlistenToAllAWTEvents,setWindowAlwaysOnTop, andwatchMousePointerare granted.
  • Trying to replace theSecurityManagerof RapidMiner Studio is not permitted byanycode whatsoever.

请注意Java安全的主要工作ciple of the lowest common denominator. The permissions for a call are defined by the lowest permissions for any part of the call stack. This includes libraries you are using. If those libraries for example rely on using reflection to suppress access checks, they will not work for your extension anymore.

If the RapidMiner Studio version isSNAPSHOT, all permissions are granted to all extensions. This is done to make the life of extension developers easier. To test how your extension behaves under real-world conditions, edit thegradle.propertiesfile in the Studio core project and remove the-SNAPSHOTsuffix. Then execute the Gradle taskjarto update the version and start Studio again.

Granting Additional Permissions

Starting from RapidMiner Studio 7.4 users that haveLarge licensescan grant additional permissions to unsigned extensions. This is configurable in the Start-up section of the Settings. Activating this setting enables the following permissions:

Group Permission Description
AWTPermission accessClipboard Posting and retrieval of information to and from the AWT clipboard
ReflectPermission suppressAccessChecks Provides the ability to access fields and invoke methods in a class. This includes not only public, but protected and private fields and methods as well.
ReflectPermission newProxyInPackage.* Ability to create a proxy instance in the specified package of which the non-public interface that the proxy class implements.
RuntimePermissions createClassLoader Creation of a class loader
RuntimePermissions getClassLoader Retrieval of a class loader (e.g., the class loader for the calling class)
RuntimePermissions setContextClassLoader Setting of the context class loader used by a thread
RuntimePermissions enableContextClassLoaderOverride Subclass implementation of the thread context class loader methods
RuntimePermissions closeClassLoader Closing of a ClassLoader
RuntimePermissions setFactory Setting of the socket factory used by ServerSocket or Socket, or of the stream handler factory used by URL
RuntimePermissions modifyThread Modification of threads, e.g., via calls to Threadinterrupt, stop, suspend, resume, setDaemon, setPriority, setNameandsetUncaughtExceptionHandlermethods
RuntimePermissions stopThread Stopping of threads via calls to the Threadstopmethod
RuntimePermissions modifyThreadGroup Modification of thread groups, e.g., via calls to ThreadGroupdestroy, getParent, resume, setDaemon, setMaxPriority, stop, andsuspendmethods
RuntimePermissions loadLibrary.* Dynamic linking of the specified library
RuntimePermissions getStackTrace Retrieval of the stack trace information of another thread.
RuntimePermissions setDefaultUncaughtExceptionHandler Setting the default handler to be used when a thread terminates abruptly due to an uncaught exception.
RuntimePermissions preferences Represents the permission required to get access to the java.util.prefs.Preferences implementations user or system root which in turn allows retrieval or update operations within the Preferences persistent backing store.
PropertyPermission write Permission to write. AllowsSystem.setPropertyto be called.

Future plans

Please be aware that we will further limit what 3rd party extensions will be able to do in the future to continue to facilitate both a safe and reliable experience for all our users. To allow sophisticated (and safe) extensions that do require those permissions, we will at that point in time also introduce mechanisms to acquire those permissions, e.g. via offering extension verification & signing or by adding mechanisms that allow the user to explicitly grant those permissions to your extension. There is no final list yet as to the exact limitations, but the following points can be assumed with reasonable certainty for unsigned 3rd party extensions:

  • Read/Write access outside of the specific extension workspace folder (found in the.RapidMiner/extensions/workspace/rmx_yourExtensionfolder) will need to be permitted by the user
  • Access to classes in thesun.miscpackage will be forbidden entirely. This may be extended to othersun.*packages as well.
  • Opening socket connections (e.g. using URLConnections) will be subject to explicit user permission for each URL.

For more information on Java security features, see the official documentation from Oracle referenced below.Java安全文档