Configuring a logger requires permissions and should be done in a privileged action #94

jamezp · 2024-08-13T14:53:25Z

When creating the status logger the level is set which requires the LoggingPermission("control") permissions. We still need to ensure this works with the security manager enabled.

From a WildFly Core test:

07:50:55,259 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.deployment.unit."logging1.jar".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."logging1.jar".INSTALL: WFLYSRV0153: Failed to process phase INSTALL of deployment "logging1.jar"
	at [email protected]//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:172)
	at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1617)
	at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1580)
	at [email protected]//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1438)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.util.ServiceConfigurationError: org.jboss.msc.service.ServiceActivator: Provider org.jboss.as.test.integration.logging.Log4j2ServiceActivator could not be instantiated
	at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:586)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:813)
	at java.base/java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:729)
	at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1403)
	at [email protected]//org.jboss.as.server.deployment.service.ServiceActivatorProcessor.deploy(ServiceActivatorProcessor.java:70)
	at [email protected]//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:165)
	... 8 more
Caused by: java.lang.ExceptionInInitializerError
	at java.base/jdk.internal.misc.Unsafe.ensureClassInitialized0(Native Method)
	at java.base/jdk.internal.misc.Unsafe.ensureClassInitialized(Unsafe.java:1160)
	at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.ensureClassInitialized(MethodHandleAccessorFactory.java:300)
	at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.newConstructorAccessor(MethodHandleAccessorFactory.java:103)
	at java.base/jdk.internal.reflect.ReflectionFactory.newConstructorAccessor(ReflectionFactory.java:200)
	at java.base/java.lang.reflect.Constructor.acquireConstructorAccessor(Constructor.java:549)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486)
	at java.base/java.util.ServiceLoader$ProviderImpl$2.run(ServiceLoader.java:797)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:714)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:802)
	... 12 more
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.util.logging.LoggingPermission" "control")" in code source "(vfs:/content/logging1.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.logging1.jar" from Service Module Loader")
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:309)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:201)
	at [email protected]//org.jboss.logmanager.LogContext.checkSecurityAccess(LogContext.java:490)
	at [email protected]//org.jboss.logmanager.LogContext.checkAccess(LogContext.java:495)
	at [email protected]//org.jboss.logmanager.Logger.setLevel(Logger.java:118)
	at [email protected]//org.jboss.logmanager.log4j.JBossStatusListener.registerIfAbsent(JBossStatusListener.java:58)
	at [email protected]//org.jboss.logmanager.log4j.JBossLoggerContextFactory.getOrCreateLoggerContext(JBossLoggerContextFactory.java:119)
	at [email protected]//org.jboss.logmanager.log4j.JBossLoggerContextFactory.getLoggerContext(JBossLoggerContextFactory.java:104)
	at [email protected]//org.jboss.logmanager.log4j.JBossLoggerContextFactory.getContext(JBossLoggerContextFactory.java:49)
	at [email protected]//org.apache.logging.log4j.LogManager.getContext(LogManager.java:197)
	at [email protected]//org.apache.logging.log4j.LogManager.getLogger(LogManager.java:611)
	at deployment.logging1.jar//org.jboss.as.test.integration.logging.Log4j2ServiceActivator.<clinit>(Log4j2ServiceActivator.java:32)
	... 23 more

The text was updated successfully, but these errors were encountered:

This was referenced Aug 13, 2024

[WFCORE-6745] Upgrade log4j2 to 2.23.1 and log4j2-jboss-logmanager to… wildfly/wildfly-core#6128

Merged

[94] Ensure the level is set in a privileged action if the security m… #95

Merged

jamezp closed this as completed in #95 Aug 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Configuring a logger requires permissions and should be done in a privileged action #94

Configuring a logger requires permissions and should be done in a privileged action #94

jamezp commented Aug 13, 2024

Configuring a logger requires permissions and should be done in a privileged action #94

Configuring a logger requires permissions and should be done in a privileged action #94

Comments

jamezp commented Aug 13, 2024