Hello
We're using the Sling - OSGi LogService Implementation partially in code
running as a subject. The problem is that for this to work we have to
assign read and write right on the log-file to all users. Otherwise we
get an exception like the following:
27.01.2009 18:09:08.491 *INFO* [btpool3-0 - /kl]
org.trialox.platform.security.auth.AuthenticatingFilter
SecurityException: {} java.security.AccessControlException: access
denied (java.io.FilePermission
/home/reto/trialox-workspace/default/org.trialox.cms.launchpad/target/sling/logs/error.log
read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.length(File.java:846)
at
org.apache.sling.commons.log.slf4j.SlingLoggerWriter.checkRotate(SlingLoggerWriter.java:308)
I was wondering if it wouldn't be reasonable to have the logger do the
file access in a AccessController.doPrivileged section, so that the
respective permissions only have to be granted to the codebase and not
to the useres as well.
Cheers,
Reto
