Merge pull request #17059 from elastic/fix/16864-attachment-doctypes

Fix attachments plugins with docx

Author: rjernst

core/src/main/java/org/elasticsearch/index/mapper/FieldMapper.java

@@ -374,7 +374,8 @@ public FieldMapper updateFieldType(Map<String, MappedFieldType> fullNameToFieldT
             // this can happen if this mapper represents a mapping update
             return this;
         } else if (fieldType.getClass() != newFieldType.getClass()) {
-            throw new IllegalStateException("Mixing up field types: " + fieldType.getClass() + " != " + newFieldType.getClass());
+            throw new IllegalStateException("Mixing up field types: " +
+                fieldType.getClass() + " != " + newFieldType.getClass() + " on field " + fieldType.name());
         }
         MultiFields updatedMultiFields = multiFields.updateFieldType(fullNameToFieldType);
         if (fieldType == newFieldType && multiFields == updatedMultiFields) {

plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java

@@ -137,6 +137,8 @@ static PermissionCollection getRestrictedPermissions() {
         perms.add(new SecurityPermission("putProviderProperty.BC"));
         perms.add(new SecurityPermission("insertProvider"));
         perms.add(new ReflectPermission("suppressAccessChecks"));
+        // xmlbeans, use by POI, needs to get the context classloader
+        perms.add(new RuntimePermission("getClassLoader"));
         perms.setReadOnly();
         return perms;
     }

plugins/ingest-attachment/src/main/plugin-metadata/plugin-security.policy

@@ -27,4 +27,6 @@ grant {
   permission java.security.SecurityPermission "insertProvider";
   // TODO: fix POI XWPF to not do this: https://bz.apache.org/bugzilla/show_bug.cgi?id=58597
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  // needed by xmlbeans, as part of POI for MS xml docs
+  permission java.lang.RuntimePermission "getClassLoader";
 };

plugins/ingest-attachment/src/test/resources/rest-api-spec/test/ingest_attachment/30_files_supported.yaml

@@ -137,6 +137,8 @@ static PermissionCollection getRestrictedPermissions() {
         perms.add(new SecurityPermission("putProviderProperty.BC"));
         perms.add(new SecurityPermission("insertProvider"));
         perms.add(new ReflectPermission("suppressAccessChecks"));
+        // xmlbeans, use by POI, needs to get the context classloader
+        perms.add(new RuntimePermission("getClassLoader"));
         perms.setReadOnly();
         return perms;
     }

plugins/mapper-attachments/src/main/java/org/elasticsearch/mapper/attachments/TikaImpl.java

@@ -27,4 +27,6 @@ grant {
   permission java.security.SecurityPermission "insertProvider";
   // TODO: fix POI XWPF to not do this: https://bz.apache.org/bugzilla/show_bug.cgi?id=58597
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  // needed by xmlbeans, as part of POI for MS xml docs
+  permission java.lang.RuntimePermission "getClassLoader";
 };