[jira] Created: (LOGGING-134) No AccessControll on getClassLoader operations

Bartosz Baranowski (JIRA) Tue, 29 Dec 2009 05:28:59 -0800

No AccessControll on getClassLoader operations
----------------------------------------------


                 Key: LOGGING-134
                 URL: https://issues.apache.org/jira/browse/LOGGING-134
             Project: Commons Logging
          Issue Type: Improvement
    Affects Versions: 1.1.1
         Environment: JDK1.6, WinXP SP2. Ran under JBoss 5.1.GA, mobicents 
2.0.B2, 
            Reporter: Bartosz Baranowski
            Priority: Trivial
             Fix For: 1.1.1


Problem is that commons logging performs some operations (atleast 
getClassLoader) which requiere access permissions. Since commons do not 
encapsulate calls to class loader getters in "doPriviledged" initialization of 
loggers fail.
This would not be a big deal if it wasnt about loggers - which usually are 
decalred "static final" and usually poeple dont use "static{}" to init logger 
like:

private final static Logger log;
static
{

   log=AccessController.doPriviledged(new PriviledgedAction<Logger>()
  {
     public Object run()
          {
             return Logger.getLogger(class); 
               
             }

     });

}

Example fail log  on 1.1.1:

Caused by: org.apache.commons.logging.LogConfigurationException: 
java.security.AccessControlException: access denied 
(java.lang.RuntimePermission getClassLoader) (Caused by 
java.security.AccessControl
Exception: access denied (java.lang.RuntimePermission getClassLoader))
        at 
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:637)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
        at 
org.jboss.cache.commands.write.RemoveNodeCommand.<clinit>(RemoveNodeCommand.java:45)
        ... 22 more
Caused by: java.security.AccessControlException: access denied 
(java.lang.RuntimePermission getClassLoader)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.ClassLoader.getParent(Unknown Source)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.getLowestClassLoader(LogFactoryImpl.java:1327)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.getBaseClassLoader(LogFactoryImpl.java:1247)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.createLogFromClass(LogFactoryImpl.java:1048)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:858)
        at 
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
        ... 26 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (LOGGING-134) No AccessControll on getClassLoader operations

Reply via email to