You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2020/02/23 00:42:00 UTC
[jira] [Commented] (LOG4J2-2761) log4j2 fails when a whitespace is in the file path and Java security manager is used

    [ https://issues.apache.org/jira/browse/LOG4J2-2761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042769#comment-17042769 ] 

Ralph Goers commented on LOG4J2-2761:
-------------------------------------

I am not really sure what to do with this issue. Log4j is simply calling File.exists().  Java itself is calling the security manager. You should be able to duplicate this against any file running with the same security manager without Log4j in the picture.

> log4j2 fails when a whitespace is in the file path and Java security manager is used
> ------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-2761
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2761
>             Project: Log4j 2
>          Issue Type: Bug
>    Affects Versions: 2.13.0
>         Environment: Windows 7/10, Java 8/11/13 with configured Java Security Manager
>            Reporter: Yury Molchan
>            Priority: Major
>
> {code}
> SEVERE: Error configuring application listener of class [org.yurkom.navigator.web.servlet.StartupListener]
> java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\My%20Space\apache-tomcat-9.0.30\webapps\navigator\WEB-INF\classes\log4j2.properties" "read")
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>         at java.security.AccessController.checkPermission(AccessController.java:884)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
>         at java.io.File.exists(File.java:814)
>         at org.apache.logging.log4j.core.util.FileUtils.fileFromUri(FileUtils.java:88)
>         at org.apache.logging.log4j.core.config.ConfigurationSource.fromResource(ConfigurationSource.java:360)
>         at org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:527)
>         at org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:456)
>         at org.apache.logging.log4j.core.config.ConfigurationFactory.getConfiguration(ConfigurationFactory.java:318)
>         at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:687)
>         at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:708)
>         at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:263)
>         at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:153)
>         at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:45)
>         at org.apache.logging.log4j.LogManager.getContext(LogManager.java:194)
>         at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getContext(AbstractLoggerAdapter.java:138)
> {code}
> policy file contains the following permissions:
> {code}
> grant codeBase "file:${catalina.home}/webapps/navigator/-" {
>         permission java.io.FilePermission "${catalina.home}/-", "read";
>         permission java.io.FilePermission "${catalina.home}/", "read";
> };
> {code}
> where catalina.home is "C:\My Space\apache-tomcat-9.0.30"
> It is related to LOG4J2-466



--
This message was sent by Atlassian Jira
(v8.3.4#803005)