logback / LOGBACK-756

Excessive traces displayed due to AccessControlException when exception stack frames are requested

Details

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • None
    • 1.0.7
    • logback-classic
    • None
    • All os, all browsers.

    Description

      I have a signed applet embedded in a web page.

      The applet jar includes:
      slf4j-api-1.7.1.jar
      logback-classic-1.0.7.jar
      logback-core-1.0.7.jar

      This sample code is called from JavaScript (without elevated privileges):

      public void foo() {
          try {
              bar();
          } catch (Exception e) {
              // Logging the exception makes logback compute packaging data for each stack frame
              LoggerFactory.getLogger("TestTraceApp").error("Exception caught", e);
          }
      }

      private void bar() throws Exception {
          throw new Exception("text");
      }

      It creates a lot of "trash" in the Java console (see attached javaconsole.txt).

      The bug seems to be in:

      ch.qos.logback.classic.spi.PackagingDataCalculator.bestEffortLoadClass():

      This method tries to call Class.forName() => which requires permissions which the applet does not have.
      And in case of exception the code falls back to:

      "240 e.printStackTrace(); // this is unexpected"

      And the stack trace is displayed for each initial exception frame.

      Solutions:
      1. Catch AccessControlException and simply return null as we have no rights to call Class.forName() => safest and simplest solution.
      2. Call Class.forName() inside an AccessController.doPrivileged() call => but security impacts must be studied.
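
      Solution 1 from the report, as an added Java sketch that is not logback's own code and not part of the original report: it contrasts a best-effort class lookup that prints every unexpected failure with one that treats a security denial as "class unavailable". The names BestEffortLoadDemo, loadNoisy, loadQuiet and DENYING_LOADER are hypothetical, and the denying class loader is constructed to stand in for the unprivileged applet context.

```java
public class BestEffortLoadDemo {

    // Constructed stand-in for the unprivileged caller: every class lookup is denied.
    @SuppressWarnings("removal")
    static final ClassLoader DENYING_LOADER = new ClassLoader(null) {
        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            throw new java.security.AccessControlException("access denied (constructed)");
        }
    };

    // Behaviour described in the report: any unexpected failure is dumped to the console.
    static Class<?> loadNoisy(ClassLoader cl, String className) {
        try {
            return Class.forName(className, false, cl);
        } catch (ClassNotFoundException | NoClassDefFoundError e) {
            return null;
        } catch (Exception e) {
            e.printStackTrace(); // one full trace per frame that is looked up
            return null;
        }
    }

    // Solution 1: a denied lookup is an expected outcome, so return null without output.
    // AccessControlException extends SecurityException, so this catch covers it.
    static Class<?> loadQuiet(ClassLoader cl, String className) {
        try {
            return Class.forName(className, false, cl);
        } catch (ClassNotFoundException | NoClassDefFoundError e) {
            return null;
        } catch (SecurityException e) {
            return null; // no permission to load: packaging data is simply unavailable
        }
    }

    public static void main(String[] args) {
        // Same shape as the report: one logged exception, one lookup per stack frame.
        StackTraceElement[] frames = new Exception("text").getStackTrace();
        int unresolved = 0;
        for (StackTraceElement frame : frames) {
            if (loadQuiet(DENYING_LOADER, frame.getClassName()) == null) {
                unresolved++;
            }
        }
        System.out.println("quiet variant: " + unresolved + " of " + frames.length
                + " frames unresolved, nothing printed to stderr");
        // The noisy variant prints a full stack trace for the same denied lookup.
        loadNoisy(DENYING_LOADER, frames[0].getClassName());
    }
}
```

      No privilege is raised in either variant; the quiet one only changes how the denial is reported, which is why it avoids the review that the doPrivileged() alternative would need.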

          People

            tony19 Tony Trinh
            tomsor tomsor