You are viewing the RapidMiner Developers documentation for version 9.9 -Check here for latest version
Security & Restrictions
To further facilitate both a safe and reliable experience for all our users, starting with RapidMiner Studio 7.2, we introduced both ajava.lang.SecurityManagerand ajava.security.Policyto RapidMiner Studio. The respective implementations can be found in thecom.rapidminer.securitypackage. These mechanisms will prevent certain dangerous calls from specific or unknown sources, e.g. by 3rd party extensions. This means if any of the following points are violated, aSecurityExceptionwill be thrown and the call will be prevented. List of default restrictions for 3rd party extensions starting with RapidMiner Studio 7.2:
- File deletion outside of the
java.io.tempdirfolder and the.RapidMiner/extensions/workspace/rmx_yourExtensionfolder is not permitted. ReflectPermissionis not granted at all. This includes bothnewProxyInPackage.*andsuppressAccessChecks. Note that regular (non-invasive) usage of reflection is fine and still permitted!- No
RuntimePermissionsexcept foraccessDeclaredMembers,getenv.*,getFileSystemAttributes,readFileDescriptor,writeFileDescriptor,queuePrintJob, andshutdownHooksare granted. - No
AWTPermissionsexcept forlistenToAllAWTEvents,setWindowAlwaysOnTop, andwatchMousePointerare granted. - Trying to replace the
SecurityManagerof RapidMiner Studio is not permitted byanycode whatsoever.
Please note that Java security works with the principle of the lowest common denominator. The permissions for a call are defined by the lowest permissions for any part of the call stack. This includes libraries you are using. If those libraries for example rely on using reflection to suppress access checks, they will not work for your extension anymore.
If the RapidMiner Studio version isSNAPSHOT, all permissions are granted to all extensions. This is done to make the life of extension developers easier. To test how your extension behaves under real-world conditions, edit thegradle.propertiesfile in the Studio core project and remove the-SNAPSHOTsuffix. Then execute the Gradle taskjarto update the version and start Studio again.
Granting Additional Permissions
Starting from RapidMiner Studio 7.4 users that haveLarge licensescan grant additional permissions to unsigned extensions. This is configurable in the Start-up section of the Settings. Activating this setting enables the following permissions:
| Group | Permission | Description |
|---|---|---|
AWTPermission |
accessClipboard |
Posting and retrieval of information to and from the AWT clipboard |
ReflectPermission |
suppressAccessChecks |
Provides the ability to access fields and invoke methods in a class. This includes not only public, but protected and private fields and methods as well. |
ReflectPermission |
newProxyInPackage.* |
specifie创建代理实例的能力d package of which the non-public interface that the proxy class implements. |
RuntimePermissions |
createClassLoader |
Creation of a class loader |
RuntimePermissions |
getClassLoader |
Retrieval of a class loader (e.g., the class loader for the calling class) |
RuntimePermissions |
setContextClassLoader |
Setting of the context class loader used by a thread |
RuntimePermissions |
enableContextClassLoaderOverride |
Subclass implementation of the thread context class loader methods |
RuntimePermissions |
closeClassLoader |
Closing of a ClassLoader |
RuntimePermissions |
setFactory |
Setting of the socket factory used by ServerSocket or Socket, or of the stream handler factory used by URL |
RuntimePermissions |
modifyThread |
Modification of threads, e.g., via calls to Threadinterrupt, stop, suspend, resume, setDaemon, setPriority, setNameandsetUncaughtExceptionHandlermethods |
RuntimePermissions |
stopThread |
Stopping of threads via calls to the Threadstopmethod |
RuntimePermissions |
modifyThreadGroup |
Modification of thread groups, e.g., via calls to ThreadGroupdestroy, getParent, resume, setDaemon, setMaxPriority, stop, andsuspendmethods |
RuntimePermissions |
loadLibrary.* |
Dynamic linking of the specified library |
RuntimePermissions |
getStackTrace |
Retrieval of the stack trace information of another thread. |
RuntimePermissions |
setDefaultUncaughtExceptionHandler |
Setting the default handler to be used when a thread terminates abruptly due to an uncaught exception. |
RuntimePermissions |
preferences |
Represents the permission required to get access to the java.util.prefs.Preferences implementations user or system root which in turn allows retrieval or update operations within the Preferences persistent backing store. |
PropertyPermission |
write |
Permission to write. AllowsSystem.setPropertyto be called. |
Future plans
Please be aware that we will further limit what 3rd party extensions will be able to do in the future to continue to facilitate both a safe and reliable experience for all our users. To allow sophisticated (and safe) extensions that do require those permissions, we will at that point in time also introduce mechanisms to acquire those permissions, e.g. via offering extension verification & signing or by adding mechanisms that allow the user to explicitly grant those permissions to your extension. There is no final list yet as to the exact limitations, but the following points can be assumed with reasonable certainty for unsigned 3rd party extensions:
- Read/Write access outside of the specific extension workspace folder (found in the.RapidMiner/extensions/workspace/rmx_yourExtensionfolder) will need to be permitted by the user
- Access to classes in the
sun.miscpackage will be forbidden entirely. This may be extended to othersun.*packages as well. - Opening socket connections (e.g. using URLConnections) will be subject to explicit user permission for each URL.
For more information on Java security features, see the official documentation from Oracle referenced below.Java安全文档
