Ashcroft

Allow log4j to read from file

Details

  • Type: Improvement Improvement
  • Status: Open Open
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 0.1
  • Fix Version/s: 0.1
  • Component/s: Security manager
  • Labels:
    None
  • Number of attachments :
    1

Description

See http://kasparov.skife.org/blog/2004/08/25#ashcroft

It probably makes sense to add a mechanism that will allow log4j to read files. Should be illegal by default, but could be allowed with something like:

-Dcom.thoughtworks.ashcroft.runtime.log4j.allowRead=true

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Aslak Hellesøy added a comment -

Or a more generic mechanism:

-Dcom.thoughtworks.ashcroft.runtime.allowRead=some.package.SomeClass.someMethod,some.other.package.SomeOtherClass.someOtherMethod etc...

Show
Aslak Hellesøy added a comment - Or a more generic mechanism: -Dcom.thoughtworks.ashcroft.runtime.allowRead=some.package.SomeClass.someMethod,some.other.package.SomeOtherClass.someOtherMethod etc...
Hide
Permalink
Eugene Kuleshov added a comment -

It is probably make sence to allow to pas file which will have list of classes/packages that are doing file access and maybe even have some default one in Ashcroft.

I'm getting similar problem from Xerces:

com.thoughtworks.ashcroft.runtime.CantDoThat: You can't check for file presence during unit tests: C:\jdk1.3.1_11\jre\lib\xerces.properties
at com.thoughtworks.ashcroft.runtime.JohnAshcroft.cantDoThat(JohnAshcroft.java:48)
at com.thoughtworks.ashcroft.runtime.JohnAshcroft.checkRead(JohnAshcroft.java:98)
at java.io.File.exists(File.java:541)
at org.apache.xerces.parsers.SecuritySupport12$7.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.xerces.parsers.SecuritySupport12.getFileExists(Unknown Source)
at org.apache.xerces.parsers.ObjectFactory.createObject(Unknown Source)
at org.apache.xerces.parsers.ObjectFactory.createObject(Unknown Source)
at org.apache.xerces.parsers.SAXParser.<init>(Unknown Source)
at org.apache.xerces.parsers.SAXParser.<init>(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl.<init>(Unknown Source)
at org.apache.xerces.jaxp.SAXParserFactoryImpl.newSAXParserImpl(Unknown Source)
at org.apache.xerces.jaxp.SAXParserFactoryImpl.setFeature(Unknown Source)
...

Show
Eugene Kuleshov added a comment - It is probably make sence to allow to pas file which will have list of classes/packages that are doing file access and maybe even have some default one in Ashcroft. I'm getting similar problem from Xerces: com.thoughtworks.ashcroft.runtime.CantDoThat: You can't check for file presence during unit tests: C:\jdk1.3.1_11\jre\lib\xerces.properties at com.thoughtworks.ashcroft.runtime.JohnAshcroft.cantDoThat(JohnAshcroft.java:48) at com.thoughtworks.ashcroft.runtime.JohnAshcroft.checkRead(JohnAshcroft.java:98) at java.io.File.exists(File.java:541) at org.apache.xerces.parsers.SecuritySupport12$7.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at org.apache.xerces.parsers.SecuritySupport12.getFileExists(Unknown Source) at org.apache.xerces.parsers.ObjectFactory.createObject(Unknown Source) at org.apache.xerces.parsers.ObjectFactory.createObject(Unknown Source) at org.apache.xerces.parsers.SAXParser.<init>(Unknown Source) at org.apache.xerces.parsers.SAXParser.<init>(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl.<init>(Unknown Source) at org.apache.xerces.jaxp.SAXParserFactoryImpl.newSAXParserImpl(Unknown Source) at org.apache.xerces.jaxp.SAXParserFactoryImpl.setFeature(Unknown Source) ...
Hide
Permalink
Nick Sieger added a comment -

Would be nice to disallow logging, but when you're stuck with it, it's tough. We're using Ash for our test suites with this patch applied.

Show
Nick Sieger added a comment - Would be nice to disallow logging, but when you're stuck with it, it's tough. We're using Ash for our test suites with this patch applied.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.