Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Nightly Builds
-
None
-
Operating System: Solaris
Platform: PC
-
9743
Description
SimpleLog uses System.getProperties to get a list of existing
org.apache.commons.logging.* properties.
If commons-logging is running within an application which uses
the Java SecurityManager such as Tomcat this requires granting
java.util.PropertyPermission "*", "read" to not only
commongs-logging.jar, but all other jar files with classes
on the stack.
This makes it impossible to restrict access to reading properties
for any API's on the stack.
SimpleLog should get each individual property it needs separately.
This would apply to any other code which uses System.getProperties() also.