Commons Logging
  1. Commons Logging
  2. LOGGING-26

Security policy configuration, SimpleLog uses System.getProperties()

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: Nightly Builds
    • Fix Version/s: 1.0.3
    • Labels:
      None
    • Environment:

      Operating System: Solaris
      Platform: PC

      Description

      SimpleLog uses System.getProperties to get a list of existing
      org.apache.commons.logging.* properties.

      If commons-logging is running within an application which uses
      the Java SecurityManager such as Tomcat this requires granting
      java.util.PropertyPermission "*", "read" to not only
      commongs-logging.jar, but all other jar files with classes
      on the stack.

      This makes it impossible to restrict access to reading properties
      for any API's on the stack.

      SimpleLog should get each individual property it needs separately.

      This would apply to any other code which uses System.getProperties() also.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Glenn Nielsen
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development