You are viewing the RapidMiner Developers documentation for version 9.5 - Check here for latest version
Security & Restrictions
To further facilitate both a safe and reliable experience for all our users, starting with RapidMiner Studio 7.2, we introduced both a java.lang.SecurityManager and a java.security.Policy to RapidMiner Studio. The respective implementations can be found in the com.rapidminer.security package.
These mechanisms will prevent certain dangerous calls from specific or unknown sources, e.g. by 3rd party extensions. This means if any of the following points are violated, a SecurityException will be thrown and the call will be prevented.
List of default restrictions for 3rd party extensions starting with RapidMiner Studio 7.2:
- File deletion outside of the
java.io.tempdirfolder and the .RapidMiner/extensions/workspace/rmx_yourExtension folder is not permitted. ReflectPermissionis not granted at all. This includes bothnewProxyInPackage.*andsuppressAccessChecks. Note that regular (non-invasive) usage of reflection is fine and still permitted!- No
RuntimePermissionsexcept foraccessDeclaredMembers,getenv.*,getFileSystemAttributes,readFileDescriptor,writeFileDescriptor,queuePrintJob, andshutdownHooksare granted. - No
AWTPermissionsexcept forlistenToAllAWTEvents,setWindowAlwaysOnTop, andwatchMousePointerare granted. - Trying to replace the
SecurityManagerof RapidMiner Studio is not permitted by any code whatsoever.
Please note that Java security works with the principle of the lowest common denominator. The permissions for a call are defined by the lowest permissions for any part of the call stack. This includes libraries you are using. If those libraries for example rely on using reflection to suppress access checks, they will not work for your extension anymore.
If the RapidMiner Studio version is SNAPSHOT, all permissions are granted to all extensions. This is done to make the life of extension developers easier. To test how your extension behaves under real-world conditions, edit the gradle.properties file in the Studio core project and remove the -SNAPSHOT suffix. Then execute the Gradle task jar to update the version and start Studio again.
Granting Additional Permissions
Starting from RapidMiner Studio 7.4 users that have Large licenses can grant additional permissions to unsigned extensions. This is configurable in the Start-up section of the Settings. Activating this setting enables the following permissions:
| Group | Permission | Description |
|---|---|---|
AWTPermission |
accessClipboard |
Posting and retrieval of information to and from the AWT clipboard |
ReflectPermission |
suppressAccessChecks |
Provides the ability to access fields and invoke methods in a class. This includes not only public, but protected and private fields and methods as well. |
ReflectPermission |
newProxyInPackage.* |
Ability to create a proxy instance in the specified package of which the non-public interface that the proxy class implements. |
RuntimePermissions |
createClassLoader |
Creation of a class loader |
RuntimePermissions |
getClassLoader |
Retrieval of a class loader (e.g., the class loader for the calling class) |
RuntimePermissions |
setContextClassLoader |
Setting of the context class loader used by a thread |
RuntimePermissions |
enableContextClassLoaderOverride |
Subclass implementation of the thread context class loader methods |
RuntimePermissions |
closeClassLoader |
Closing of a ClassLoader |
RuntimePermissions |
setFactory |
Setting of the socket factory used by ServerSocket or Socket, or of the stream handler factory used by URL |
RuntimePermissions |
modifyThread |
Modification of threads, e.g., via calls to Thread interrupt, stop, suspend, resume, setDaemon, setPriority, setName and setUncaughtExceptionHandler methods |
RuntimePermissions |
stopThread |
Stopping of threads via calls to the Thread stop method |
RuntimePermissions |
modifyThreadGroup |
Modification of thread groups, e.g., via calls to ThreadGroup destroy, getParent, resume, setDaemon, setMaxPriority, stop, and suspend methods |
RuntimePermissions |
loadLibrary.* |
Dynamic linking of the specified library |
RuntimePermissions |
getStackTrace |
Retrieval of the stack trace information of another thread. |
RuntimePermissions |
setDefaultUncaughtExceptionHandler |
Setting the default handler to be used when a thread terminates abruptly due to an uncaught exception. |
RuntimePermissions |
preferences |
Represents the permission required to get access to the java.util.prefs.Preferences implementations user or system root which in turn allows retrieval or update operations within the Preferences persistent backing store. |
PropertyPermission |
write |
Permission to write. Allows System.setProperty to be called. |
Future plans
Please be aware that we will further limit what 3rd party extensions will be able to do in the future to continue to facilitate both a safe and reliable experience for all our users. To allow sophisticated (and safe) extensions that do require those permissions, we will at that point in time also introduce mechanisms to acquire those permissions, e.g. via offering extension verification & signing or by adding mechanisms that allow the user to explicitly grant those permissions to your extension. There is no final list yet as to the exact limitations, but the following points can be assumed with reasonable certainty for unsigned 3rd party extensions:
- Read/Write access outside of the specific extension workspace folder (found in the .RapidMiner/extensions/workspace/rmx_yourExtension folder) will need to be permitted by the user
- Access to classes in the
sun.miscpackage will be forbidden entirely. This may be extended to othersun.*packages as well. - Opening socket connections (e.g. using URLConnections) will be subject to explicit user permission for each URL.
For more information on Java security features, see the official documentation from Oracle referenced below. Java security documentation
