-
Notifications
You must be signed in to change notification settings - Fork 109
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[LOGMGR-277] Use privileged actions for rotating files as the securit…
…y context is not guaranteed to be the system level context in WildFly. https://issues.redhat.com/browse/LOGMGR-277
- Loading branch information
Showing
5 changed files
with
303 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,6 +23,10 @@ | |
| import java.io.FileNotFoundException; | ||
| import java.io.IOException; | ||
| import java.io.OutputStream; | ||
| import java.io.UncheckedIOException; | ||
| import java.security.AccessControlContext; | ||
| import java.security.AccessController; | ||
| import java.security.PrivilegedAction; | ||
| import java.util.logging.ErrorManager; | ||
|
|
||
| import org.jboss.logmanager.ExtLogRecord; | ||
|
|
@@ -38,6 +42,7 @@ | |
| * @author <a href="mailto:[email protected]">James R. Perkins</a> | ||
| */ | ||
| public class PeriodicSizeRotatingFileHandler extends PeriodicRotatingFileHandler { | ||
| private final AccessControlContext acc = AccessController.getContext(); | ||
| // by default, rotate at 10MB | ||
| private long rotateSize = 0xa0000L; | ||
| private int maxBackupIndex = 1; | ||
|
|
@@ -148,18 +153,20 @@ public void setOutputStream(final OutputStream outputStream) { | |
| */ | ||
| @Override | ||
| public void setFile(final File file) throws FileNotFoundException { | ||
| checkAccess(this); | ||
| synchronized (outputLock) { | ||
| // Check for a rotate | ||
| if (rotateOnBoot && maxBackupIndex > 0 && file != null && file.exists() && file.length() > 0L) { | ||
| final String suffix = getNextSuffix(); | ||
| final SuffixRotator suffixRotator = getSuffixRotator(); | ||
| if (suffixRotator != SuffixRotator.EMPTY && suffix != null) { | ||
| // Make sure any previous files are closed before we attempt to rotate | ||
| setFileInternal(null); | ||
| setFileInternal(null, false); | ||
| // Previous actions have already performed | ||
| suffixRotator.rotate(getErrorManager(), file.toPath(), suffix, maxBackupIndex); | ||
| } | ||
| } | ||
| setFileInternal(file); | ||
| setFileInternal(file, false); | ||
| } | ||
| } | ||
|
|
||
|
|
@@ -224,19 +231,34 @@ protected void preWrite(final ExtLogRecord record) { | |
| return; | ||
| } | ||
| // close the old file. | ||
| setFileInternal(null); | ||
| getSuffixRotator().rotate(getErrorManager(), file.toPath(), getNextSuffix(), maxBackupIndex); | ||
| setFileInternal(null, true); | ||
| getSuffixRotator().rotate(SecurityActions.getErrorManager(acc, this), file.toPath(), getNextSuffix(), maxBackupIndex); | ||
| // start with new file. | ||
| setFileInternal(file); | ||
| setFileInternal(file, true); | ||
| } catch (IOException e) { | ||
| reportError("Unable to rotate log file", e, ErrorManager.OPEN_FAILURE); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| private void setFileInternal(final File file) throws FileNotFoundException { | ||
| super.setFile(file); | ||
| if (outputStream != null) | ||
| outputStream.currentSize = file == null ? 0L : file.length(); | ||
| private void setFileInternal(final File file, final boolean doPrivileged) throws FileNotFoundException { | ||
| if (System.getSecurityManager() == null || !doPrivileged) { | ||
| super.setFile(file); | ||
| if (outputStream != null) { | ||
| outputStream.currentSize = file == null ? 0L : file.length(); | ||
| } | ||
| } else { | ||
| AccessController.doPrivileged((PrivilegedAction<Void>) () -> { | ||
| try { | ||
| super.setFile(file); | ||
| if (outputStream != null) { | ||
| outputStream.currentSize = file == null ? 0L : file.length(); | ||
| } | ||
| } catch (FileNotFoundException e) { | ||
| throw new UncheckedIOException(e); | ||
| } | ||
| return null; | ||
| }, acc); | ||
| } | ||
| } | ||
| } | ||
68 changes: 68 additions & 0 deletions
68
src/main/java/org/jboss/logmanager/handlers/SecurityActions.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * | ||
| * Copyright 2020 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.jboss.logmanager.handlers; | ||
|
|
||
| import java.security.AccessControlContext; | ||
| import java.security.AccessController; | ||
| import java.security.PrivilegedAction; | ||
| import java.util.function.Supplier; | ||
| import java.util.logging.ErrorManager; | ||
| import java.util.logging.Handler; | ||
|
|
||
| /** | ||
| * @author <a href="mailto:[email protected]">James R. Perkins</a> | ||
| */ | ||
| class SecurityActions { | ||
|
|
||
| static ErrorManager getErrorManager(final AccessControlContext acc, final Handler handler) { | ||
| Supplier<ErrorManager> supplier = () -> { | ||
| if (System.getSecurityManager() == null) { | ||
| return handler.getErrorManager(); | ||
| } | ||
| return AccessController.doPrivileged((PrivilegedAction<ErrorManager>) handler::getErrorManager, acc); | ||
| }; | ||
| return new LazyErrorManager(supplier); | ||
| } | ||
|
|
||
| private static class LazyErrorManager extends ErrorManager { | ||
| private final Supplier<ErrorManager> supplier; | ||
| private volatile ErrorManager delegate; | ||
|
|
||
| private LazyErrorManager(final Supplier<ErrorManager> supplier) { | ||
| this.supplier = supplier; | ||
| } | ||
|
|
||
| @Override | ||
| public synchronized void error(final String msg, final Exception ex, final int code) { | ||
| getDelegate().error(msg, ex, code); | ||
| } | ||
|
|
||
| private ErrorManager getDelegate() { | ||
| if (delegate == null) { | ||
| synchronized (this) { | ||
| if (delegate == null) { | ||
| delegate = supplier.get(); | ||
| } | ||
| } | ||
| } | ||
| return delegate; | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.