[ http://jira.qos.ch/browse/LBCLASSIC-263?page=com.atlassian.jira.plugin.syste... ] Ceki Gulcu resolved LBCLASSIC-263. ---------------------------------- Resolution: Won't Fix I've added a new method getClassLoaderAsPrivileged in the ch.qos.logback.core.util.Loader class which was changed as follows: package ch.qos.logback.core.util; public class Loader { private static boolean HAS_GET_CLASS_LOADER_PERMISSION = false; static { HAS_GET_CLASS_LOADER_PERMISSION = AccessController.doPrivileged(new PrivilegedAction<Boolean>() { public Boolean run() { try { AccessController.checkPermission( new RuntimePermission("getClassLoader")); return true; } catch (AccessControlException e) { return false; } } }); } public static ClassLoader getClassLoaderAsPrivileged(final Class clazz) { if (!HAS_GET_CLASS_LOADER_PERMISSION) return null; else return AccessController.doPrivileged( new PrivilegedAction<ClassLoader>() { public ClassLoader run() { return clazz.getClassLoader(); } }); } } The changed were committed in [1]. However, I did not change PackagingDataCalculator to use Loader#getClassLoaderAsPrivileged due to performance reasons. Collecting packaging data is already rather expensive and I do not wish to add to the cost. You have two options: 1) make the single line change yourself 2) add %ex at the end of your conversion patterns. This will avoid using the default %xEx. See [2] for documentation. [1] http://github.com/ceki/logback/commit/75da45d0f69 [2] http://logback.qos.ch/manual/layouts.html#xThrowable
Logback Classic causes SecurityException ----------------------------------------
Key: LBCLASSIC-263 URL: http://jira.qos.ch/browse/LBCLASSIC-263 Project: logback-classic Issue Type: Bug Affects Versions: 0.9.28 Reporter: NC Assignee: Logback dev list Attachments: PackagingDataCalculator.diff
PackagingDataCalculator invokes Class.getClassLoader(). This method throws a SecurityException when running under a security manager and that manager denies access to the ClassLoader. I'm submitting a PackagingDataCalculator patch which wraps the getClassLoader() invocation in a doPrivileged block. This allows these calls to succeed when the getClassLoader RuntimePermission is granted to logback-classic.
-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.qos.ch/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira