logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Goers (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (LOG4J2-150) Applet: AccessControlException from System.getProperty(...), Integer.getInteger, and Boolean.getBoolean
Date Thu, 17 Jan 2013 08:48:23 GMT

     [ https://issues.apache.org/jira/browse/LOG4J2-150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ralph Goers resolved LOG4J2-150.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0-beta4
         Assignee: Ralph Goers

Fixed as of revision 1434589. Please verify and close.
                
> Applet: AccessControlException from System.getProperty(...), Integer.getInteger, and
Boolean.getBoolean
> -------------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-150
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-150
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: API, Core
>    Affects Versions: 2.0-beta4
>         Environment: Firefox 18
>            Reporter: Scott Severtson
>            Assignee: Ralph Goers
>             Fix For: 2.0-beta4
>
>         Attachments: system-properties-access-control-exception-handling.patch
>
>
> When deploying Log4J2 in an applet, several API and Core classes make direct, unchecked
attempts to pull in system properties via System.getProperty(...), Integer.getInteger, and
Boolean.getBoolean. A sandboxed applet unfortunately may not access arbitrary system properties.
PropertiesUtil seems to handle for this issue, but not all Core uses this utility, nor do
a few classes in the API.
> The resulting exception looks like:
> Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission
log4j2.status.entries read)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
> at java.lang.System.getProperty(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:48)
> ... 27 more
> I've created a patch (to follow) which resolves these issues. Unfortunately, some code
in my patch is duplicated or very similar between the API and Core -- PropertiesUtil lives
in Core, and I wasn't comfortable re-locating it to the API without discussion/review. Instead,
I introduced a minimal version of the code to the API module.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message