为什么不受信任的代码无法更改 Java 日志记录下的日志级别?
我有一个 Java 应用程序,也作为小程序运行。该应用程序还恰好使用名为 BasicPlayer 的库来播放 .ogg 文件。 BasicPlayer 有一个内置记录器,它使用 Apache Logging Commons 使用内置 Java 记录器为 BasicPlayer.class 创建记录器。我知道关闭 BasicPlayer 日志记录的唯一方法是运行此代码:
Logger.getLogger(BasicPlayer.class.getName()).setLevel(Level.OFF);
当作为常规应用程序运行时,这可以正常工作。但是,当作为小程序运行时,此代码将抛出 SecurityException,因为由于某种原因小程序无法更改非匿名记录器的日志级别 (请参阅此处了解某种解释)。
他们为什么要这样做?谁关心小程序是否更改了日志级别?
I'm have a Java app that also runs as an applet. The app also happens to use a library called BasicPlayer to play .ogg files. BasicPlayer has a built-in logger that uses Apache Logging Commons to create a logger for BasicPlayer.class using the built-in Java logger. The only way that I know about to turn off the BasicPlayer logging is to run this code:
Logger.getLogger(BasicPlayer.class.getName()).setLevel(Level.OFF);
This works fine when running as a regular app. However, when running as an applet, this code will throw a SecurityException because for some reason applets can't change the log level of non-anonymous loggers (see here for a sorta-explanation).
Why would they do this? Who cares if an applet changes the log level?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,主机 JVM 中运行的其他内容可能会使用 Apache 日志记录来保留小程序正在执行的操作的审计跟踪。如果小程序可以更改日志记录级别,则它可以关闭审核。
另一件需要指出的是 BasicPlayer 是开源的,因此您还可以选择修改源代码以禁用日志记录和重建。
Well, for a start, other stuff running in the host JVM may be using Apache logging to keep an audit trail of what the applet is doing. If an applet can change the logging level, it can turn off auditing.
The other thing to point out is that BasicPlayer is open source, so you also have the option of modifying the source it to disable logging and rebuilding.