You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by pk...@apache.org on 2022/03/31 19:43:30 UTC
[logging-log4j2] 01/15: [LOG4J2-3423] JAR file containing Log4j configuration isn't closed.
This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit c2772ae474fca1403166db763562b34de0d5c154
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Thu Mar 3 10:13:23 2022 -0500
[LOG4J2-3423] JAR file containing Log4j configuration isn't closed.
Conflicts:
log4j-core/src/main/java/org/apache/logging/log4j/core/config/ConfigurationSource.java
log4j-core/src/main/java/org/apache/logging/log4j/core/net/UrlConnectionFactory.java
log4j-core/src/test/java/org/apache/logging/log4j/core/selector/TestClassLoader.java
---
.../main/java/org/apache/log4j/PropertyConfigurator.java | 1 +
.../main/java/org/apache/log4j/xml/DOMConfigurator.java | 3 ++-
.../logging/log4j/core/selector/TestClassLoader.java | 8 +++++---
.../logging/log4j/core/config/ConfigurationSource.java | 2 ++
.../logging/log4j/core/net/UrlConnectionFactory.java | 15 +++++++++------
.../log4j/spring/boot/Log4j2CloudConfigLoggingSystem.java | 2 ++
src/changes/changes.xml | 3 +++
7 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/log4j-1.2-api/src/main/java/org/apache/log4j/PropertyConfigurator.java b/log4j-1.2-api/src/main/java/org/apache/log4j/PropertyConfigurator.java
index 483096e..348646a 100644
--- a/log4j-1.2-api/src/main/java/org/apache/log4j/PropertyConfigurator.java
+++ b/log4j-1.2-api/src/main/java/org/apache/log4j/PropertyConfigurator.java
@@ -382,6 +382,7 @@ public class PropertyConfigurator implements Configurator {
LogLog.debug("Reading configuration from URL " + url);
try {
final URLConnection urlConnection = url.openConnection();
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
urlConnection.setUseCaches(false);
try (InputStream inputStream = urlConnection.getInputStream()) {
return doConfigure(inputStream, loggerRepository, classLoader);
diff --git a/log4j-1.2-api/src/main/java/org/apache/log4j/xml/DOMConfigurator.java b/log4j-1.2-api/src/main/java/org/apache/log4j/xml/DOMConfigurator.java
index e751653..e5adf60 100644
--- a/log4j-1.2-api/src/main/java/org/apache/log4j/xml/DOMConfigurator.java
+++ b/log4j-1.2-api/src/main/java/org/apache/log4j/xml/DOMConfigurator.java
@@ -145,7 +145,8 @@ public class DOMConfigurator {
public void doConfigure(final URL url, final LoggerRepository repository) {
try {
final URLConnection connection = url.openConnection();
- connection.setUseCaches(false); // Otherwise, a "jar:" URL file remains open after the stream is closed.
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ connection.setUseCaches(false);
try (InputStream inputStream = connection.getInputStream()) {
doConfigure(new ConfigurationSource(inputStream, url));
}
diff --git a/log4j-core-test/src/test/java/org/apache/logging/log4j/core/selector/TestClassLoader.java b/log4j-core-test/src/test/java/org/apache/logging/log4j/core/selector/TestClassLoader.java
index 7a54182..49e63c2 100644
--- a/log4j-core-test/src/test/java/org/apache/logging/log4j/core/selector/TestClassLoader.java
+++ b/log4j-core-test/src/test/java/org/apache/logging/log4j/core/selector/TestClassLoader.java
@@ -54,9 +54,11 @@ public class TestClassLoader extends ClassLoader {
throw new ClassNotFoundException(name);
}
try {
- final URLConnection uc = resource.openConnection();
- final int len = uc.getContentLength();
- final InputStream in = new BufferedInputStream(uc.getInputStream());
+ final URLConnection urlConnection = resource.openConnection();
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ urlConnection.setUseCaches(false);
+ final int len = urlConnection.getContentLength();
+ final InputStream in = new BufferedInputStream(urlConnection.getInputStream());
final byte[] bytecode = new byte[len];
try {
IOUtils.readFully(in, bytecode);
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/config/ConfigurationSource.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/config/ConfigurationSource.java
index 0f73758..bb37919 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/config/ConfigurationSource.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/config/ConfigurationSource.java
@@ -364,6 +364,8 @@ public class ConfigurationSource {
private static ConfigurationSource getConfigurationSource(final URL url) {
try {
final URLConnection urlConnection = url.openConnection();
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ urlConnection.setUseCaches(false);
final AuthorizationProvider provider = ConfigurationFactory.authorizationProvider(PropertiesUtil.getProperties());
provider.addAuthorization(urlConnection);
if (url.getProtocol().equals(HTTPS)) {
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/UrlConnectionFactory.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/UrlConnectionFactory.java
index 5e97030..65d4a13 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/UrlConnectionFactory.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/UrlConnectionFactory.java
@@ -24,8 +24,7 @@ import java.net.URLConnection;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
-import java.util.Properties;
-import java.util.Set;
+
import javax.net.ssl.HttpsURLConnection;
import org.apache.logging.log4j.core.config.ConfigurationFactory;
@@ -33,7 +32,6 @@ import org.apache.logging.log4j.core.net.ssl.LaxHostnameVerifier;
import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationFactory;
import org.apache.logging.log4j.core.util.AuthorizationProvider;
-import org.apache.logging.log4j.core.util.BasicAuthorizationProvider;
import org.apache.logging.log4j.util.PropertiesUtil;
import org.apache.logging.log4j.util.Strings;
@@ -56,13 +54,13 @@ public class UrlConnectionFactory {
public static HttpURLConnection createConnection(final URL url, final long lastModifiedMillis, final SslConfiguration sslConfiguration)
throws IOException {
- PropertiesUtil props = PropertiesUtil.getProperties();
- List<String> allowed = Arrays.asList(Strings.splitList(props
+ final PropertiesUtil props = PropertiesUtil.getProperties();
+ final List<String> allowed = Arrays.asList(Strings.splitList(props
.getStringProperty(ALLOWED_PROTOCOLS, HTTPS).toLowerCase(Locale.ROOT)));
if (allowed.size() == 1 && NO_PROTOCOLS.equals(allowed.get(0))) {
throw new ProtocolException("No external protocols have been enabled");
}
- String protocol = url.getProtocol();
+ final String protocol = url.getProtocol();
if (protocol == null) {
throw new ProtocolException("No protocol was specified on " + url.toString());
}
@@ -70,6 +68,7 @@ public class UrlConnectionFactory {
throw new ProtocolException("Protocol " + protocol + " has not been enabled as an allowed protocol");
}
final HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
+
final AuthorizationProvider provider = ConfigurationFactory.authorizationProvider(props);
if (provider != null) {
provider.addAuthorization(urlConnection);
@@ -78,6 +77,8 @@ public class UrlConnectionFactory {
urlConnection.setDoOutput(true);
urlConnection.setDoInput(true);
urlConnection.setRequestMethod("GET");
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ urlConnection.setUseCaches(false);
if (connectTimeoutMillis > 0) {
urlConnection.setConnectTimeout(connectTimeoutMillis);
}
@@ -106,6 +107,8 @@ public class UrlConnectionFactory {
urlConnection = createConnection(url, 0, SslConfigurationFactory.getSslConfiguration());
} else {
urlConnection = url.openConnection();
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ urlConnection.setUseCaches(false);
}
return urlConnection;
}
diff --git a/log4j-spring-boot/src/main/java/org/apache/logging/log4j/spring/boot/Log4j2CloudConfigLoggingSystem.java b/log4j-spring-boot/src/main/java/org/apache/logging/log4j/spring/boot/Log4j2CloudConfigLoggingSystem.java
index a08babb..8705742 100644
--- a/log4j-spring-boot/src/main/java/org/apache/logging/log4j/spring/boot/Log4j2CloudConfigLoggingSystem.java
+++ b/log4j-spring-boot/src/main/java/org/apache/logging/log4j/spring/boot/Log4j2CloudConfigLoggingSystem.java
@@ -191,6 +191,8 @@ public class Log4j2CloudConfigLoggingSystem extends Log4J2LoggingSystem {
private ConfigurationSource getConfigurationSource(URL url) throws IOException, URISyntaxException {
URLConnection urlConnection = url.openConnection();
+ // A "jar:" URL file remains open after the stream is closed, so do not cache it.
+ urlConnection.setUseCaches(false);
AuthorizationProvider provider = ConfigurationFactory.authorizationProvider(PropertiesUtil.getProperties());
provider.addAuthorization(urlConnection);
if (url.getProtocol().equals(HTTPS)) {
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index fd063a4..f3c6551 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -196,6 +196,9 @@
<action issue="LOG4J2-3458" dev="ggregory" type="fix" due-to="Gary Gregory">
LocalizedMessage logs misleading errors on the console.
</action>
+ <action issue="LOG4J2-3423" type="fix" due-to="Radim Tlusty, Gary Gregory">
+ JAR file containing Log4j configuration isn't closed.
+ </action>
</release>
<release version="2.17.2" date="2022-02-23" description="GA Release 2.17.2">
<!-- FIXES -->