aspose file tools *
The moose likes Security and the fly likes Problem getting log4j.properties picked up when I use security.manager ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Problem getting log4j.properties picked up when I use security.manager ?" Watch "Problem getting log4j.properties picked up when I use security.manager ?" New topic
Author

Problem getting log4j.properties picked up when I use security.manager ?

Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
I'm working with JAAS and testing out a jar that uses my own policy file and config file.

Everything is working fine except for that I can not get my log4j.properties file picked up when I use the security.manager (using commons-logging and log4j.properties). (I get the typical 'log4j:WARN No appenders could be found for logger' error.) If I comment out the line in the ant java task,
the log4j.properties file is picked up fine (but of course I don't get the jaas test that I want.)

The jar only has 3 classes in it and I'm including the log4j.properties file in the jar. If I hard code the exact path to the file using the PropertyConfigurator:
PropertyConfigurator.configure("/home/foo/pathToLog/log4j.properties");
that will work, but the user shouldn't have to hard code that, even if it's in an ant build as part of a property I pass in.

Any ideas what I need to do to get my log4j.properties file found?

My ant target I'm running looks like...

Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Hi Rick,

I have not faced this exact situation , but here is my best go.

I think you are getting a Access Controller exception when running with security manager enabled.As log4j has been designed in a fail safe manner , it might be eating that exception and letting you continue with the flow.

If that is the case then solution would be to grant the code READ file permission using the policy file in use.
Hope this helps,


Rahul Bhattacharjee
LinkedIn - Blog
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Originally posted by Rahul Bhattacharjee:

If that is the case then solution would be to grant the code READ file permission using the policy file in use.
Hope this helps,


Thanks Rahul. One more, probably stupid question, I'm confused about 'what' code I would actually be granting READ permission too? and what type of permission? Typically I've seen the error in the logs when the permission is off which lets me know what I have to correct, but as you mentioned, you are thinking the error is getting eaten by log4j so I'm not seeing what I need to correct.

Also, I wonder why it would let me manually setup log4j when I use
PropertyConfigurator.configure("/home/foo/pathToLog/log4j.properties");

I do have to set
permission java.io.FilePermission "log4j.properties", "read";
permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl", "read";

in my policy file, but it works when using the PropertyConfigurator and the above grants.

I'm just not sure what code you are referring to that you might suspect needs the read grant set up for? (Thanks again. I'm about to give up and not use log4j because of this issue.)
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Thanks again. I'm about to give up and not use log4j because of this issue.


Do not give up as this seems to be an interesting issue and it would help me and other fellow ranchers too.

I have the following confusions ,
Is your code working ,when you give absolute path in the configure method , in spite securitymanager being enabled?


The code that is having the PropertyConfiguration.configure code should be granted java.io.FilePermission with action with read and file would be the log4j configuration file.

For a quick test you might want to grant AllPermission to the complete jar.
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Originally posted by Rahul Bhattacharjee:
Do not give up as this seems to be an interesting issue and it would help me and other fellow ranchers too.


Ok, not giving up


Is your code working ,when you give absolute path in the configure method , in spite securitymanager being enabled?


Sorry if I wasn't clear. YES, it is working when I define the hard coded path in the PropertyConfigurator like:


However, I DO of course need to make this file accessible in the policy file:



The above then works fine in conjunction with me manually setting the path in the PropertyConfig.


For a quick test you might want to grant AllPermission to the complete jar.


This above works and then I don't need the PropertyConfig and the log file is found. Of course, this means that the permissions I set later in my grant are ignored and everything passes which of course isn't good.

However, you seem to be on the right track it looks like. It appears to me the problem is that somehow the jar doesn't have read access to the log4j.properties file that is inside the jar?
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
It appears to me the problem is that somehow the jar doesn't have read access to the log4j.properties file that is inside the jar?


Why is log4j.properties inside a jar ?
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Originally posted by Rahul Bhattacharjee:


Why is log4j.properties inside a jar ?


I don't know, I've been trying so many different things - figuring maybe it would pick it up the properties file better if it was actually inside the jar.

I'm guessing now part of my problem is I'm just being an idiot when it comes to use commons-logging. Right now, I'm just trying to get a 2 class stand alone command line app to pick up the correct log4j.properties file, but apparently it's not.

I'd love it if you could spare a second or two and just download this 2 class app (I tried to strip out everything to get down to the basics). I put a zip here http://www.learntechnology.net/TestLoggingWithSecurity.zip and you can just run 'ant clean run' and you'll see, that as it is now, it will log to the console, but I'm not sure what the heck properties file it is reading since the one in the zip I gave a level of ERROR, but I see info statements (yet not my debug statement).

Currently the ant build (in the zip) looks like this...



I want to run this test with two jars as above since eventually I will need this to work with the jars being able to use the log4j.properties file also in this test from the command line.

Thanks a lot for your patience so far with this. (I have the feeling I'm just doing something incredible stupid in how I'm trying to get this file read from the classpath.)
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18997
    
    8

Well, at least I don't have to tell you to just put it in the classpath. In your latest example, that would either be in Test.jar or in FooBar.jar. But do make sure you put it in the root of the jar, where the classpath points to. One of your earlier examples seemed to suggest you had put it in a directory inside the jar file.
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Originally posted by Paul Clapham:
But do make sure you put it in the root of the jar, where the classpath points to. One of your earlier examples seemed to suggest you had put it in a directory inside the jar file.


No, it was just in the root of the jar (not in a directory) and that actually worked really well except for of course when I threw in the wrench of using the security manager as a jvmarg: <jvmarg value="-Djava.security.manager" />
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18997
    
    8

If it was in the root of the jar thenshould not find it. But you said initially that it did. That's what led me to believe you didn't put it in the root of the jar.

But looking again at your latest post, I see you are setting the boot classpath, and it's the same as part of your regular classpath. That could confuse a classloader, couldn't it?
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Originally posted by Paul Clapham:
If it was in the root of the jar thenshould not find it. But you said initially that it did. That's what led me to believe you didn't put it in the root of the jar.


Maybe I should have added that that path above was to a log4j.properties file that was 'not' in the jar (even though I left it in the jar for trying things to get it picked up from there without using PropertyConfigurator). The above path was a full path to a file in the project.
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
Ok, I made a bit more progress when I removed commons-logging and just went to use log4j without the commons wrapper (with the log4j.properties file in each jar). However, I'm still stuck on the jars not finding the log4j.properties file when I use the security.manager. (Also if I give all permissions grant to the jars, logging DOES work with the security manager in place, but problem then is that everything passes when I really try to use this with JAAS.)

I've vastly simplified things in the new example that I put out here:

http://www.learntechnology.net/TestLoggingWithSecurity.zip

('ant run' will build and run test.)

The code is just 2 simple classes and does nothing with jaas (I stripped everything out.) The bootloader thing is removed as well (as that was an artifact from something else I was trying.)

I'm posting what I think is the relevant code below. The ant build and policy file---

MyJAAS.policy


build.xml



Test.java
Rick Reumann
Ranch Hand

Joined: Apr 03, 2001
Posts: 281
I managed to get everything working ok using

grant {
permission java.io.FilePermission "<<ALL FILES>>", "read";
...
}

Eventually I'd like to somehow use relative paths but I couldn't figure out to get that to work correctly. For now the ALL_FILES will work ok.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Problem getting log4j.properties picked up when I use security.manager ?