[logback-user] SecurityManager issue using logback

5 Nov 2011

      Hello

Ceki said my “bug” report isn’t actually a bug, but didn’t have the tell to tell me what’s wrong:
http://jira.qos.ch/browse/LBCLASSIC-304 

Can anyone here help? In short:

package be.removed.fun.removed; 

import java.rmi.RMISecurityManager; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 

public class TestMain { 

    private static final Logger logger = LoggerFactory.getLogger(TestMain.class); 

    public static void main(String[] args) throws Exception { 
        System.setProperty("java.security.policy", "./src/main/config/java.policy"); 
        logger.debug("Policy location: {}", System.getProperty("java.security.policy")); 
        if (System.getSecurityManager() == null) { 
            System.setSecurityManager(new RMISecurityManager()); 
        } 
        System.setProperty("java.security.policy", "./src/main/config/java.policy"); 
    } 
} 

...runs fine using log4j:

<dependency> 
            <groupId>org.slf4j</groupId> 
            <artifactId>slf4j-api</artifactId> 
            <version>1.6.0</version> 
        </dependency> 
        <dependency> 
            <groupId>log4j</groupId> 
            <artifactId>log4j</artifactId> 
            <version>1.2.16</version> 
        </dependency> 
        <dependency> 
            <groupId>org.slf4j</groupId> 
            <artifactId>slf4j-log4j12</artifactId> 
            <version>1.6.0</version> 
        </dependency> 

...and gives an exception when switching to logback:

<dependency> 
            <groupId>org.slf4j</groupId> 
            <artifactId>slf4j-api</artifactId> 
            <version>1.6.0</version> 
        </dependency> 
        <dependency> 
            <groupId>ch.qos.logback</groupId> 
            <artifactId>logback-core</artifactId> 
            <version>1.0.0</version> 
        </dependency> 
        <dependency> 
            <groupId>ch.qos.logback</groupId> 
            <artifactId>logback-classic</artifactId> 
            <version>1.0.0</version> 
        </dependency>  

The exception is thrown at the last line of the main:

01:05:37.702 [main] DEBUG be.removed.fun.removed.TestMain - Policy location: ./src/main/config/java.policy 
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write) 
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) 
at java.security.AccessController.checkPermission(AccessController.java:546) 
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
at java.lang.System.setProperty(System.java:725) 
at be.removed.fun.removed.TestMain.main(TestMain.java:18)  

The policy file is:

grant { 
    permission java.security.AllPermission; 
};  

The problem gets fixed if I put this file into:
$JAVA_HOME/jre/lib/security 

Thank you for your time!

Best regards

Andrew Bourgeois