[jira] [Commented] (LOG4J2-2761) log4j2 fails when a whitespace is in the file path and Java security manager is used

Wed, 25 Mar 2020 09:14:21 -0700 


    [ 
https://issues.apache.org/jira/browse/LOG4J2-2761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17066794#comment-17066794
 ] 

Uwe Schindler commented on LOG4J2-2761:
---------------------------------------

LOG4J2-466 is only caused by the problem with the "+" sign decoded in 
URLDecoder. If you convert the URI/URL to a File using {{new File(URI)}} this 
won't happen.

> log4j2 fails when a whitespace is in the file path and Java security manager 
> is used
> ------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-2761
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2761
>             Project: Log4j 2
>          Issue Type: Bug
>    Affects Versions: 2.13.0
>         Environment: Windows 7/10, Java 8/11/13 with configured Java Security 
> Manager
>            Reporter: Yury Molchan
>            Priority: Major
>
> {code}
> SEVERE: Error configuring application listener of class 
> [org.yurkom.navigator.web.servlet.StartupListener]
> java.security.AccessControlException: access denied ("java.io.FilePermission" 
> "C:\My%20Space\apache-tomcat-9.0.30\webapps\navigator\WEB-INF\classes\log4j2.properties"
>  "read")
>         at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>         at 
> java.security.AccessController.checkPermission(AccessController.java:884)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
>         at java.io.File.exists(File.java:814)
>         at 
> org.apache.logging.log4j.core.util.FileUtils.fileFromUri(FileUtils.java:88)
>         at 
> org.apache.logging.log4j.core.config.ConfigurationSource.fromResource(ConfigurationSource.java:360)
>         at 
> org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:527)
>         at 
> org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:456)
>         at 
> org.apache.logging.log4j.core.config.ConfigurationFactory.getConfiguration(ConfigurationFactory.java:318)
>         at 
> org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:687)
>         at 
> org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:708)
>         at 
> org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:263)
>         at 
> org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:153)
>         at 
> org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:45)
>         at org.apache.logging.log4j.LogManager.getContext(LogManager.java:194)
>         at 
> org.apache.logging.log4j.spi.AbstractLoggerAdapter.getContext(AbstractLoggerAdapter.java:138)
> {code}
> policy file contains the following permissions:
> {code}
> grant codeBase "file:${catalina.home}/webapps/navigator/-" {
>         permission java.io.FilePermission "${catalina.home}/-", "read";
>         permission java.io.FilePermission "${catalina.home}/", "read";
> };
> {code}
> where catalina.home is "C:\My Space\apache-tomcat-9.0.30"
> It is related to LOG4J2-466



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to