Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 31706 invoked from network); 6 Sep 2008 21:48:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Sep 2008 21:48:20 -0000 Received: (qmail 50348 invoked by uid 500); 6 Sep 2008 21:48:11 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 50295 invoked by uid 500); 6 Sep 2008 21:48:11 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 50284 invoked by uid 99); 6 Sep 2008 21:48:11 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Sep 2008 14:48:11 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Sep 2008 21:47:21 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 598E5238889B; Sat, 6 Sep 2008 14:47:22 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r692745 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/juli/ClassLoaderLogManager.java webapps/docs/changelog.xml Date: Sat, 06 Sep 2008 21:47:22 -0000 To: dev@tomcat.apache.org From: rjung@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080906214722.598E5238889B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: rjung Date: Sat Sep 6 14:47:21 2008 New Revision: 692745 URL: http://svn.apache.org/viewvc?rev=692745&view=rev Log: Backport Logging of access control problems when setting up per context logging under the security manager. http://svn.apache.org/viewvc?rev=691675&view=rev http://svn.apache.org/viewvc?rev=691677&view=rev http://svn.apache.org/viewvc?rev=691887&view=rev Also backported generics use http://svn.apache.org/viewvc?view=rev&revision=687508 because it is low risk (generics) and keeps the class in sync between trunk and tc6.0.x. Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=692745&r1=692744&r2=692745&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Sep 6 14:47:21 2008 @@ -128,19 +128,6 @@ +1: markt -1: -* Backport Logging of access control problems when setting up - per context logging under the security manager. - http://svn.apache.org/viewvc?rev=691675&view=rev - http://svn.apache.org/viewvc?rev=691677&view=rev - http://svn.apache.org/viewvc?rev=691887&view=rev - I suggest to also backport - http://svn.apache.org/viewvc?view=rev&revision=687508 - because it is low risk (generics) and keeps the class - in sync between trunk and tc6.0.x. - +1: rjung, remm, markt - -1: - rjung: improved the logging with r691887. - * ETag improvement: https://issues.apache.org/bugzilla/show_bug.cgi?id=45735 +1: remm, markt -1: Modified: tomcat/tc6.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java?rev=692745&r1=692744&r2=692745&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/juli/ClassLoaderLogManager.java Sat Sep 6 14:47:21 2008 @@ -19,11 +19,13 @@ import java.io.File; import java.io.FileInputStream; +import java.io.FilePermission; import java.io.IOException; import java.io.InputStream; import java.net.URLClassLoader; import java.security.AccessControlException; import java.security.AccessController; +import java.security.Permission; import java.security.PrivilegedAction; import java.util.Collections; import java.util.Enumeration; @@ -135,9 +137,9 @@ Handler handler = null; ClassLoader current = classLoader; while (current != null) { - info = (ClassLoaderLogInfo) classLoaderLoggers.get(current); + info = classLoaderLoggers.get(current); if (info != null) { - handler = (Handler) info.handlers.get(handlerName); + handler = info.handlers.get(handlerName); if (handler != null) { break; } @@ -174,7 +176,7 @@ public synchronized Logger getLogger(final String name) { ClassLoader classLoader = Thread.currentThread() .getContextClassLoader(); - return (Logger) getClassLoaderInfo(classLoader).loggers.get(name); + return getClassLoaderInfo(classLoader).loggers.get(name); } @@ -198,7 +200,7 @@ public String getProperty(String name) { ClassLoader classLoader = Thread.currentThread() .getContextClassLoader(); - String prefix = (String) this.prefix.get(); + String prefix = this.prefix.get(); if (prefix != null) { name = prefix + name; } @@ -210,7 +212,7 @@ if ((result == null) && (info.props.isEmpty())) { ClassLoader current = classLoader.getParent(); while (current != null) { - info = (ClassLoaderLogInfo) classLoaderLoggers.get(current); + info = classLoaderLoggers.get(current); if (info != null) { result = info.props.getProperty(name); if ((result != null) || (!info.props.isEmpty())) { @@ -265,8 +267,7 @@ if (classLoader == null) { classLoader = ClassLoader.getSystemClassLoader(); } - ClassLoaderLogInfo info = (ClassLoaderLogInfo) classLoaderLoggers - .get(classLoader); + ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader); if (info == null) { final ClassLoader classLoaderParam = classLoader; AccessController.doPrivileged(new PrivilegedAction() { @@ -279,7 +280,7 @@ return null; } }); - info = (ClassLoaderLogInfo) classLoaderLoggers.get(classLoader); + info = classLoaderLoggers.get(classLoader); } return info; } @@ -304,7 +305,21 @@ } } catch (AccessControlException ace) { // No permission to configure logging in context - // Ignore and carry on + // Log and carry on + ClassLoaderLogInfo info = classLoaderLoggers.get(ClassLoader.getSystemClassLoader()); + if (info != null) { + Logger log = info.loggers.get(""); + if (log != null) { + Permission perm = ace.getPermission(); + if (perm instanceof FilePermission && perm.getActions().equals("read")) { + log.warning("Reading " + perm.getName() + " is not permitted. See \"per context logging\" in the default catalina.policy file."); + } + else { + log.warning("Reading logging.properties is not permitted in some context. See \"per context logging\" in the default catalina.policy file."); + log.warning("Original error was: " + ace.getMessage()); + } + } + } } if ((is == null) && (classLoader == ClassLoader.getSystemClassLoader())) { String configFileStr = System.getProperty("java.util.logging.config.file"); @@ -362,8 +377,7 @@ protected void readConfiguration(InputStream is, ClassLoader classLoader) throws IOException { - ClassLoaderLogInfo info = - (ClassLoaderLogInfo) classLoaderLoggers.get(classLoader); + ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader); try { info.props.load(is); @@ -503,8 +517,7 @@ nextName = name.substring(0, dotIndex); name = name.substring(dotIndex + 1); } - LogNode childNode = (LogNode) currentNode.children - .get(nextName); + LogNode childNode = currentNode.children.get(nextName); if (childNode == null) { childNode = new LogNode(currentNode); currentNode.children.put(nextName, childNode); Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=692745&r1=692744&r2=692745&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Sep 6 14:47:21 2008 @@ -35,6 +35,10 @@
+ + Log AccessControlException for context specific logging.properties + during startup with security manager. (rjung) + 41407: Add CLIENT-CERT support to the JAAS Realm. (markt) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org