Log4j 2
  1. Log4j 2
  2. LOG4J2-150

Applet: AccessControlException from System.getProperty(...), Integer.getInteger, and Boolean.getBoolean


    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0-beta4
    • Fix Version/s: 2.0-beta4
    • Component/s: API, Core
    • Labels:
    • Environment:

      Firefox 18


      When deploying Log4J2 in an applet, several API and Core classes make direct, unchecked attempts to pull in system properties via System.getProperty(...), Integer.getInteger, and Boolean.getBoolean. A sandboxed applet unfortunately may not access arbitrary system properties. PropertiesUtil seems to handle for this issue, but not all Core uses this utility, nor do a few classes in the API.

      The resulting exception looks like:
      Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission log4j2.status.entries read)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
      at java.lang.System.getProperty(Unknown Source)
      at java.lang.Integer.getInteger(Unknown Source)
      at java.lang.Integer.getInteger(Unknown Source)
      at org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:48)
      ... 27 more

      I've created a patch (to follow) which resolves these issues. Unfortunately, some code in my patch is duplicated or very similar between the API and Core – PropertiesUtil lives in Core, and I wasn't comfortable re-locating it to the API without discussion/review. Instead, I introduced a minimal version of the code to the API module.


        No work has yet been logged on this issue.


          • Assignee:
            Ralph Goers
            Scott Severtson
          • Votes:
            0 Vote for this issue
            2 Start watching this issue


            • Created: