@@ -215,6 +215,13 @@ public Writeable captureAsWriteable() {
215
215
* For example, a user might not have permission to GET from the tasks index
216
216
* but the tasks API will perform a get on their behalf using this method
217
217
* if it can't find the task in memory.
218
+ *
219
+ * Usage of stashWithOrigin is guarded by a ThreadContextPermission. In order to use
220
+ * stashWithOrigin, the codebase needs to explicitly be granted permission in the JSM policy file.
221
+ *
222
+ * Add an entry in the grant portion of the policy file like this:
223
+ *
224
+ * permission org.opensearch.secure_sm.ThreadContextPermission "stashWithOrigin";
218
225
*/
219
226
public StoredContext stashWithOrigin (String origin ) {
220
227
SecurityManager sm = System .getSecurityManager ();
@@ -237,6 +244,13 @@ public StoredContext stashWithOrigin(String origin) {
237
244
* Removes the current context and resets a new context that contains a merge of the current headers and the given headers.
238
245
* The removed context can be restored when closing the returned {@link StoredContext}. The merge strategy is that headers
239
246
* that are already existing are preserved unless they are defaults.
247
+ *
248
+ * Usage of stashAndMergeHeaders is guarded by a ThreadContextPermission. In order to use
249
+ * stashAndMergeHeaders, the codebase needs to explicitly be granted permission in the JSM policy file.
250
+ *
251
+ * Add an entry in the grant portion of the policy file like this:
252
+ *
253
+ * permission org.opensearch.secure_sm.ThreadContextPermission "stashAndMergeHeaders";
240
254
*/
241
255
public StoredContext stashAndMergeHeaders (Map <String , String > headers ) {
242
256
SecurityManager sm = System .getSecurityManager ();
0 commit comments