使用 logback 的 java.security.policy 问题
以下代码使用 LOG4J(和 SLF4J)运行文件:
package test;
import java.rmi.RMISecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class TestMain {
private static final Logger logger = LoggerFactory.getLogger(TestMain.class);
public static void main(String[] args) throws Exception {
System.setProperty("java.security.policy", "./src/main/config/java.policy");
logger.debug("Policy location: {}", System.getProperty("java.security.policy"));
if (System.getSecurityManager() == null) {
System.setSecurityManager(new RMISecurityManager());
}
System.setProperty("java.security.policy", "./src/main/config/java.policy");
}
}
当将依赖项切换为“logback”而不是 log4j 时,它会给出:
01:05:37.702 [main] DEBUG test.TestMain - Policy location: ./src/main/config/java.policy
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:725)
at test.TestMain.main(TestMain.java:18)
在 main 方法的最后一行。
java.policy 文件的内容:
grant {
permission java.security.AllPermission;
};
将 java.policy 文件放入“$JAVA_HOME/jre/lib/security”中可以解决该问题。
谁能告诉我发生了什么事?
The following code runs file using LOG4J (and SLF4J):
package test;
import java.rmi.RMISecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class TestMain {
private static final Logger logger = LoggerFactory.getLogger(TestMain.class);
public static void main(String[] args) throws Exception {
System.setProperty("java.security.policy", "./src/main/config/java.policy");
logger.debug("Policy location: {}", System.getProperty("java.security.policy"));
if (System.getSecurityManager() == null) {
System.setSecurityManager(new RMISecurityManager());
}
System.setProperty("java.security.policy", "./src/main/config/java.policy");
}
}
When switching the dependencies to "logback" instead of log4j, it gives:
01:05:37.702 [main] DEBUG test.TestMain - Policy location: ./src/main/config/java.policy
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.System.setProperty(System.java:725)
at test.TestMain.main(TestMain.java:18)
at the last line of the main method.
The contents of the java.policy file:
grant {
permission java.security.AllPermission;
};
Putting the java.policy file inside "$JAVA_HOME/jre/lib/security" solves the issue.
Anyone can tell me what's happening?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我发现我们有 3 个选项可以解决这个问题:
1) 在初始化记录器之前初始化 SecurityManager
2) 将 $JAVA_HOME/jre/lib/security 中的 java.policy 替换为你的
3) 启动应用程序时将 java.policy 的位置作为系统属性传递:-Djava.security.policy=java.policy
I found out that we have 3 options to work around this:
1) Initialize the SecurityManager before initializing a logger
2) Replace the java.policy inside $JAVA_HOME/jre/lib/security with yours
3) Pass java.policy's location as a system property when starting the app: -Djava.security.policy=java.policy