Commons Logging
  1. Commons Logging
  2. LOGGING-26

Security policy configuration, SimpleLog uses System.getProperties()

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: Nightly Builds
    • Fix Version/s: 1.0.3
    • Labels:
      None
    • Environment:

      Operating System: Solaris
      Platform: PC

      Description

      SimpleLog uses System.getProperties to get a list of existing
      org.apache.commons.logging.* properties.

      If commons-logging is running within an application which uses
      the Java SecurityManager such as Tomcat this requires granting
      java.util.PropertyPermission "*", "read" to not only
      commongs-logging.jar, but all other jar files with classes
      on the stack.

      This makes it impossible to restrict access to reading properties
      for any API's on the stack.

      SimpleLog should get each individual property it needs separately.

      This would apply to any other code which uses System.getProperties() also.

        Activity

        Glenn Nielsen created issue -
        Henri Yandell made changes -
        Field Original Value New Value
        issue.field.bugzillaimportkey 9743 12340240
        Henri Yandell made changes -
        Affects Version/s Nightly Builds [ 12311648 ]
        Component/s Logging [ 12311124 ]
        Assignee Jakarta Commons Developers Mailing List [ commons-dev@jakarta.apache.org ]
        Project Commons [ 12310458 ] Commons Logging [ 12310484 ]
        Key COM-89 LOGGING-26
        Henri Yandell made changes -
        Affects Version/s Nightly Builds [ 12311790 ]
        Henri Yandell made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Dennis Lundberg made changes -
        Fix Version/s 1.0.3 [ 12311839 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Glenn Nielsen
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development