You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4j-dev@logging.apache.org by "Scott Severtson (JIRA)" <ji...@apache.org> on 2013/02/01 17:38:20 UTC
[jira] [Closed] (LOG4J2-150) Applet: AccessControlException from
System.getProperty(...), Integer.getInteger, and Boolean.getBoolean
[ https://issues.apache.org/jira/browse/LOG4J2-150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Severtson closed LOG4J2-150.
----------------------------------
We can verify that Log4J2 can now be safely used in an applet environment.
> Applet: AccessControlException from System.getProperty(...), Integer.getInteger, and Boolean.getBoolean
> -------------------------------------------------------------------------------------------------------
>
> Key: LOG4J2-150
> URL: https://issues.apache.org/jira/browse/LOG4J2-150
> Project: Log4j 2
> Issue Type: Bug
> Components: API, Core
> Affects Versions: 2.0-beta4
> Environment: Firefox 18
> Reporter: Scott Severtson
> Assignee: Ralph Goers
> Fix For: 2.0-beta4
>
> Attachments: system-properties-access-control-exception-handling.patch
>
>
> When deploying Log4J2 in an applet, several API and Core classes make direct, unchecked attempts to pull in system properties via System.getProperty(...), Integer.getInteger, and Boolean.getBoolean. A sandboxed applet unfortunately may not access arbitrary system properties. PropertiesUtil seems to handle for this issue, but not all Core uses this utility, nor do a few classes in the API.
> The resulting exception looks like:
> Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission log4j2.status.entries read)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
> at java.lang.System.getProperty(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:48)
> ... 27 more
> I've created a patch (to follow) which resolves these issues. Unfortunately, some code in my patch is duplicated or very similar between the API and Core -- PropertiesUtil lives in Core, and I wasn't comfortable re-locating it to the API without discussion/review. Instead, I introduced a minimal version of the code to the API module.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org