@@ -215,6 +215,13 @@ public Writeable captureAsWriteable() {
215215 * For example, a user might not have permission to GET from the tasks index
216216 * but the tasks API will perform a get on their behalf using this method
217217 * if it can't find the task in memory.
218+ *
219+ * Usage of stashWithOrigin is guarded by a ThreadContextPermission. In order to use
220+ * stashWithOrigin, the codebase needs to explicitly be granted permission in the JSM policy file.
221+ *
222+ * Add an entry in the grant portion of the policy file like this:
223+ *
224+ * permission org.opensearch.secure_sm.ThreadContextPermission "stashWithOrigin";
218225 */
219226 public StoredContext stashWithOrigin (String origin ) {
220227 SecurityManager sm = System .getSecurityManager ();
@@ -237,6 +244,13 @@ public StoredContext stashWithOrigin(String origin) {
237244 * Removes the current context and resets a new context that contains a merge of the current headers and the given headers.
238245 * The removed context can be restored when closing the returned {@link StoredContext}. The merge strategy is that headers
239246 * that are already existing are preserved unless they are defaults.
247+ *
248+ * Usage of stashAndMergeHeaders is guarded by a ThreadContextPermission. In order to use
249+ * stashAndMergeHeaders, the codebase needs to explicitly be granted permission in the JSM policy file.
250+ *
251+ * Add an entry in the grant portion of the policy file like this:
252+ *
253+ * permission org.opensearch.secure_sm.ThreadContextPermission "stashAndMergeHeaders";
240254 */
241255 public StoredContext stashAndMergeHeaders (Map <String , String > headers ) {
242256 SecurityManager sm = System .getSecurityManager ();
![opensearch-trigger-bot[bot]](https://avatars.githubusercontent.com/u/80134844?v=4&size=40){kind=avatar}
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments