[jira] [Commented] (LOG4J2-2279) Allow SystemPropertiesPropertySource to run with a SecurityManager that rejects system property access

Thu, 01 Mar 2018 11:12:24 -0800 

    [ 
https://issues.apache.org/jira/browse/LOG4J2-2279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16382474#comment-16382474
 ] 

ASF subversion and git services commented on LOG4J2-2279:
---------------------------------------------------------

Commit 59a8efed01dbc94c335e24222cc28039070f72a0 in logging-log4j2's branch 
refs/heads/release-2.x from [~garydgregory]
[ https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=59a8efe ]

[LOG4J2-2279] Allow SystemPropertiesPropertySource to run with a
SecurityManager that rejects system property access. This test passes
for me on Windows 10 but fails on Jenkins. Reorder a sanity check so
that it takes place before the SecurityManager test rule is evaluated.

> Allow SystemPropertiesPropertySource to run with a SecurityManager that 
> rejects system property access
> ------------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-2279
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2279
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: API
>    Affects Versions: 2.10.0
>            Reporter: Gary Gregory
>            Assignee: Gary Gregory
>            Priority: Major
>             Fix For: 2.11.0, 3.0.0
>
>
> Allow {{SystemPropertiesPropertySource}} to run with a SecurityManager that 
> rejects system property access. This is similar to [LOG4J2-2274].
> A security manager can blow up an app like this:
> {noformat}
> java.lang.ExceptionInInitializerError
>       at 
> org.apache.logging.log4j.util.SystemPropertiesPropertySourceSecurityManagerTest.test(SystemPropertiesPropertySourceSecurityManagerTest.java:64)
>       ...
> Caused by: java.lang.SecurityException
>       at 
> org.apache.logging.log4j.util.SystemPropertiesPropertySourceSecurityManagerTest$TestSecurityManager.checkPermission(SystemPropertiesPropertySourceSecurityManagerTest.java:49)
>       at 
> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1265)
>       at java.lang.System.getProperties(System.java:624)
>       at 
> org.apache.logging.log4j.util.SystemPropertiesPropertySource.forEach(SystemPropertiesPropertySource.java:40)
>       at 
> org.apache.logging.log4j.util.PropertiesUtil$Environment.reload(PropertiesUtil.java:330)
>       at 
> org.apache.logging.log4j.util.PropertiesUtil$Environment.<init>(PropertiesUtil.java:322)
>       at 
> org.apache.logging.log4j.util.PropertiesUtil$Environment.<init>(PropertiesUtil.java:310)
>       at 
> org.apache.logging.log4j.util.PropertiesUtil.<init>(PropertiesUtil.java:69)
>       at 
> org.apache.logging.log4j.util.PropertiesUtil.<clinit>(PropertiesUtil.java:49)
>       ... 26 more
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to