j.u.l.LogManager checks LoggingPermission(“control”) on addPropertyChangeListener, removePropertyChangeListener, readConfiguration, reset, and checkAccess. j.u.l.Logger checks LoggingPermission(“control”) on setFilter, addHandler, removeHandler, setUseParentHandlers, and setParent. j.u.l.MemoryHandler checks LoggingPermission(“control”) on the setPushLevel method. etc.
I don’t believe we currently check permissions when application code tries to modify the configuration. Should we? Ralph > On Sep 11, 2015, at 2:46 PM, Gary Gregory <[email protected]> wrote: > > The last time I looked at that it looked like we were doing the right thing. > But we might be talking about a different part of the code. > > Can you be more specific? > > Gary > > On Fri, Sep 11, 2015 at 1:55 PM, Ralph Goers <[email protected] > <mailto:[email protected]>> wrote: > I was noticing the other day in the jul javadoc that operations that modify > the configuration check the security manager for a LoggingPermission. Any > thoughts on whether we should also be checking the same permissions? > > Ralph > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > <mailto:[email protected]> > For additional commands, e-mail: [email protected] > <mailto:[email protected]> > > > > > -- > E-Mail: [email protected] <mailto:[email protected]> | > [email protected] <mailto:[email protected]> > Java Persistence with Hibernate, Second Edition > <http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com <http://garygregory.wordpress.com/> > Home: http://garygregory.com/ <http://garygregory.com/> > Tweet! http://twitter.com/GaryGregory <http://twitter.com/GaryGregory>
