We are having the same issue. Here’s how we got around this.
How to get around Spark 3.x jna requirements for Applocker or other Application Whitelisting technologies.
On Windows, Spark drops a uniquely-name jna*.dll file in a user’s %temp% directory (in a jna subfolder). The .dll is not signed, so no cert-based bypass rule can be made for it. The .dll can change names/paths and in general for Application whitelisting, the thought is to stop all execuable/dll files from running/loading in areas a normal (non-admin) user can write to.
The problem isn’t really with Spark, but with the behavior of the jna .dll (Java Native Access). The behavior seen above is the last option of where JNA attempts to load the jna.dll from - See "Loading JNA here Overview (JNA API) "
**Get the jna .dll
Method 1:
after install, launch spark.
Go to user’s %temp% directory and get the jna*.dll file out of the jna folder. Rename to jnadispatch.dll
Method 2:
Open C:\program files (x86)\Spark\lib\jna-5.12.1.jar with a tool like 7zip. In com\sun\jna
win32-x86 has the version matching in %temp% (I believe win32-x86-64 would be for if Spark was 64bit - we have spark 32bit so win32-x86)
jnidispatch.dll
Place in Program files (x86)\spark\lib\windows64\
**Set some java options:
Do not unpack the JNA:
-Djna.nounpack=true
Set a path to the JNA library:
(path relative to java’s directory - we are using spark installer with jre, so ../lib/)
-Djna.boot.library.path=“../lib/windows%SPARK64%/”
flatlaf is not JNA, but another library that uses a similar approach and has an override option (see end of document)
-Dflatlaf.nativeLibraryPath=“../lib/windows%SPARK64%/”
Method 1:
in C:\program files (x86)\spark\bin\ edit startup.bat
The first instance of “java” (around line 12) is the “normal” startup if launching from startup.bat
add this to the line: -Djna.nounpack=true -Djna.boot.library.path=“../lib/windows%SPARK64%/” -Dflatlaf.nativeLibraryPath=“../lib/windows%SPARK64%/”
so it reads like this:
java -Dappdir=.. -cp ../lib/;../lib/windows%SPARK64%/jdic.jar;../resources;../lib/windows%SPARK64%; -Djava.library.path=“../lib/windows%SPARK64%/” -Djna.nounpack=true -Djna.boot.library.path=“../lib/windows%SPARK64%/” -Dflatlaf.nativeLibraryPath=“../lib/windows%SPARK64%/” org.jivesoftware.launcher.Startup
This works if you want to launch spark via startup.bat, but what if you want to run it via spark.exe ?
Using the same java line from startup.bat, go to Program files (x86)\spark\ & create a new text file named exactly Spark.exe.vmoptions
(vmoptions meaning “java virtual machine options”)
using the -D -cp etc lines above, put each entry on a separate line like:
-Dappdir=..
-cp ../lib/*;../lib/windows%SPARK64%/jdic.jar;../resources;../lib/windows%SPARK64%;
-Djava.library.path=“../lib/windows%SPARK64%/”
-Djna.nounpack=true
-Djna.boot.library.path=“../lib/windows%SPARK64%/”
-Dflatlaf.nativeLibraryPath=“../lib/windows%SPARK64%/”
org.jivesoftware.launcher.Startup
(save the file)
launch spark.exe
No more Applocker problem!
Note, I think this same idea will work for FlatLaf once Spark uses a version >= 3.1
For FlatLaf you could get the DLLs from: C:\Program Files (x86)\Spark\lib\flatlaf-2.6.jar\com\formdev\flatlaf\natives\ (not 2.6, but whatever >=2.6 is when updated past 3.1)
and copy them into C:\Program Files (x86)\Spark\lib\windows64
Use this line in start.bat
-Dflatlaf.nativeLibraryPath=“../lib/windows%SPARK64%/”