[jira] [Commented] (LOG4J2-150) Applet: AccessControlException from System.getProperty(...), Integer.getInteger, and Boolean.getBoolean

[Ralph Goers (JIRA)]

    [ 
https://issues.apache.org/jira/browse/LOG4J2-150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13555811#comment-13555811
 ] 

Ralph Goers commented on LOG4J2-150:
------------------------------------

I added PropsUtil to the API.  It should be renamed to PropertiesUtil and the 
one in core removed. The one in the API allows a properties file to be provided 
to provide default values for the properties.
                
> Applet: AccessControlException from System.getProperty(...), 
> Integer.getInteger, and Boolean.getBoolean
> -------------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-150
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-150
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: API, Core
>    Affects Versions: 2.0-beta4
>         Environment: Firefox 18
>            Reporter: Scott Severtson
>         Attachments: system-properties-access-control-exception-handling.patch
>
>
> When deploying Log4J2 in an applet, several API and Core classes make direct, 
> unchecked attempts to pull in system properties via System.getProperty(...), 
> Integer.getInteger, and Boolean.getBoolean. A sandboxed applet unfortunately 
> may not access arbitrary system properties. PropertiesUtil seems to handle 
> for this issue, but not all Core uses this utility, nor do a few classes in 
> the API.
> The resulting exception looks like:
> Caused by: java.security.AccessControlException: access denied 
> (java.util.PropertyPermission log4j2.status.entries read)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
> at java.lang.System.getProperty(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at java.lang.Integer.getInteger(Unknown Source)
> at org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:48)
> ... 27 more
> I've created a patch (to follow) which resolves these issues. Unfortunately, 
> some code in my patch is duplicated or very similar between the API and Core 
> -- PropertiesUtil lives in Core, and I wasn't comfortable re-locating it to 
> the API without discussion/review. Instead, I introduced a minimal version of 
> the code to the API module.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-dev-h...@logging.apache.org