[logback-dev] [JIRA] Commented: (LBCLASSIC-304) Moving from log4j to logback classic breaks java.policy.security behavior

Andrew Bourgeois (JIRA) noreply-jira at qos.ch
Fri Nov 4 09:10:16 CET 2011


    [ http://jira.qos.ch/browse/LBCLASSIC-304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12259#action_12259 ] 

Andrew Bourgeois commented on LBCLASSIC-304:
--------------------------------------------

The java.policy file didn't change. It's (for simplicity):

grant {
    permission java.security.AllPermission;
};


Once I revert back to log4j (by just changing the 3 entries in the POM) everything is fine.
You can't reproduce it? Let me know if you can't, and I'll try to narrow it down to a project with only this class and only those entries in its POM, then upload it here.

While I think that you're smart enough to figure out what lines I didn't post in the original issue, here's all of it:

package be.removed.fun.removed;

import java.rmi.RMISecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TestMain {

    private static final Logger logger = LoggerFactory.getLogger(TestMain.class);

    public static void main(String[] args) throws Exception {
        System.setProperty("java.security.policy", "./src/main/config/java.policy");
        logger.debug("Policy location: {}", System.getProperty("java.security.policy"));
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new RMISecurityManager());
        }
        System.setProperty("java.security.policy", "./src/main/config/java.policy");
    }
}

> Moving from log4j to logback classic breaks java.policy.security behavior
> -------------------------------------------------------------------------
>
>                 Key: LBCLASSIC-304
>                 URL: http://jira.qos.ch/browse/LBCLASSIC-304
>             Project: logback-classic
>          Issue Type: Bug
>    Affects Versions: 1.0.0
>         Environment: CentOS 5.7
>            Reporter: Andrew Bourgeois
>            Assignee: Logback dev list
>
> Hello
> Simply replacing the log4j libraries with the logback ones breaks my RMI server at runtime.
> Please take the following code:
> public static void main(String[] args) throws Exception {
>         System.setProperty("java.security.policy", "./src/main/config/java.policy");
>         logger.debug("Policy location: {}", System.getProperty("java.security.policy"));
>         if (System.getSecurityManager() == null) {
>             System.setSecurityManager(new RMISecurityManager());
>         }
>         System.setProperty("java.security.policy", "./src/main/config/java.policy");
>     }
> And the following stacktrace:
> 01:05:37.702 [main] DEBUG be.removed.fun.removed.TestMain - Policy location: ./src/main/config/java.policy
> Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> 	at java.security.AccessController.checkPermission(AccessController.java:546)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 	at java.lang.System.setProperty(System.java:725)
> 	at be.removed.fun.removed.TestMain.main(TestMain.java:18)
> Somehow logback broke it, I can't even set a property anymore while I was able to read it before (I tested it, reading properties give the same results).
> FYI: If I put the "java.policy" file into my $JAVA_HOME/jre/lib/security, the file IS taken into account.
> POM.xml before operation:
> <dependency>
>             <groupId>org.slf4j</groupId>
>             <artifactId>slf4j-api</artifactId>
>             <version>1.6.0</version>
>         </dependency>
>         <dependency>
>             <groupId>log4j</groupId>
>             <artifactId>log4j</artifactId>
>             <version>1.2.16</version>
>         </dependency>
>         <dependency>
>             <groupId>org.slf4j</groupId>
>             <artifactId>slf4j-log4j12</artifactId>
>             <version>1.6.0</version>
>         </dependency>
> POM.xml after operation:
> <dependency>
>             <groupId>org.slf4j</groupId>
>             <artifactId>slf4j-api</artifactId>
>             <version>1.6.0</version>
>         </dependency>
>         <dependency>
>             <groupId>ch.qos.logback</groupId>
>             <artifactId>logback-core</artifactId>
>             <version>1.0.0</version>
>         </dependency>
>         <dependency>
>             <groupId>ch.qos.logback</groupId>
>             <artifactId>logback-classic</artifactId>
>             <version>1.0.0</version>
>         </dependency>
> Andrew

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.qos.ch/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the logback-dev mailing list