Bug 1051158
| Summary: | -Djava.security.debug=access:failure results in successful accesses being logged as ERRORs (40+MB server.log in ~`1 min) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Fuse Service Works 6 | Reporter: | Len DiMaggio <ldimaggi> | ||||
| Component: | 3rd Party | Assignee: | Julian Coleman <jcoleman> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Jiri Sedlacek <jsedlace> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.0.0 | CC: | atangrin, dlesage, kconner, oskutka, soa-p-jira | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
Setting the Java Security Manager to run with a totally permissive policy and -Djava.security.debug=access:failure results in successful accesses being logged as ERRORs. As well as providing misleading information, this can impact on users by generating very large error logs.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-06-12 18:12:04 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
This is not a bug, it is expected development behaviour. Specifying and -Djava.security.debug options is only done when developing/debugging applications and is not something that you would enable during production. When enabled the Java security system will log all output through System.err, which is intercepted by the application server and logged at ERROR level. |
Created attachment 847756 [details] Server log Description of problem: Setting the Java Security Manager to run with a totally permissive policy and -Djava.security.debug=access:failure results in successful accesses being logged as ERRORs Version-Release number of selected component (if applicable): 6.1.1.GA How reproducible: 100% Steps to Reproduce: 1. Define a security policy of: grant { permission java.security.AllPermission; }; 2. Add this to standalone.sh: JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy==/opt/local/permit.policy -Djava.security.debug=access:failure" 3. Start up the server Actual results: ERRORs such as: 13:35:30,657 ERROR [stderr] (MSC service thread 1-2) access: access allowed ("java.lang.RuntimePermission" "getClassLoader") Expected results: No errors for successful access. Additional info: See attached server.log