Description
Please find attached to this email a code change proposal for the EnvironmentPropertySource so it does not fail when used in conjonction with highly restrictive security restriction managers.
I propose to surround with a try..catch the retrieval of environment variables so the library does not fail to initialize when it runs in the context of a security manager that always issues Exception when security rules are violated.
see attachment for proposal.
Avoids:
java.lang.NoClassDefFoundError: Could not initialize class org.apache.logging.log4j.util.PropertiesUtil
at org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:78)
at org.apache.logging.log4j.core.AbstractLifeCycle.<clinit>(AbstractLifeCycle.java:38)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:172)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:161)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:1)
at org.apache.logging.log4j.util.EnvironmentPropertySourceSecurityManagerTest.test(EnvironmentPropertySourceSecurityManagerTest.java:55)
Attachments
Attachments
Issue Links
- is related to
-
LOG4J2-2279 Allow SystemPropertiesPropertySource to run with a SecurityManager that rejects system property access
-
- Closed
-