From a3f56847e1f46ed229f3577391ee5e9e2ff36c62 Mon Sep 17 00:00:00 2001 From: Sylvain Dusart Date: Wed, 12 Jun 2024 15:11:50 +0200 Subject: [PATCH] do not use virtual threads when a SecurityManager is set When running with a SecurityManager set, virtual threads have no permissions (https://openjdk.org/jeps/444). => Virtual threads must not be used otherwise AccessControlExceptions will be raised during file manipulations. 09:50:57,825 |-ERROR in c.q.l.core.rolling.TimeBasedRollingPolicy@1645547422 - Unexpected exception while waiting for compression job to finish java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read") at java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read") at at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) at at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:205) at at ch.qos.logback.core.rolling.TimeBasedRollingPolicy.waitForAsynchronousJobToStop(TimeBasedRollingPolicy.java:140) at at ch.qos.logback.core.rolling.TimeBasedRollingPolicy.stop(TimeBasedRollingPolicy.java:132) at at ch.qos.logback.core.rolling.RollingFileAppender.stop(RollingFileAppender.java:159) at at ch.qos.logback.core.spi.AppenderAttachableImpl.detachAndStopAllAppenders(AppenderAttachableImpl.java:107) at at ch.qos.logback.classic.Logger.detachAndStopAllAppenders(Logger.java:209) at at ch.qos.logback.classic.Logger.recursiveReset(Logger.java:333) at at ch.qos.logback.classic.Logger.recursiveReset(Logger.java:340) at at ch.qos.logback.classic.LoggerContext.reset(LoggerContext.java:363) at at ch.qos.logback.classic.LoggerContext.stop(LoggerContext.java:343) at at org.springframework.boot.logging.logback.LogbackLoggingSystem.lambda$getShutdownHandler$2(LogbackLoggingSystem.java:391) at at java.base/java.lang.Iterable.forEach(Iterable.java:75) at at org.springframework.boot.SpringApplicationShutdownHook.run(SpringApplicationShutdownHook.java:116) at at java.base/java.lang.Thread.run(Thread.java:1583) Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/logs/business.2024-06-12-0949.log8596119935863.tmp" "read") at at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:488) at at java.base/java.security.AccessController.checkPermission(AccessController.java:1071) at at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411) at at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:742) at at java.base/java.io.File.exists(File.java:831) at at ch.qos.logback.core.rolling.helper.Compressor.gzCompress(Compressor.java:148) at at ch.qos.logback.core.rolling.helper.Compressor.compress(Compressor.java:57) at at ch.qos.logback.core.rolling.helper.Compressor$CompressionRunnable.run(Compressor.java:246) at at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) at at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) at at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) at at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) at at java.base/java.lang.VirtualThread.run(VirtualThread.java:309) --- .../core/util/ExecutorServiceUtil.java | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/logback-core/src/main/java21/ch/qos/logback/core/util/ExecutorServiceUtil.java b/logback-core/src/main/java21/ch/qos/logback/core/util/ExecutorServiceUtil.java index 221f23447d..e78ce72b7e 100644 --- a/logback-core/src/main/java21/ch/qos/logback/core/util/ExecutorServiceUtil.java +++ b/logback-core/src/main/java21/ch/qos/logback/core/util/ExecutorServiceUtil.java @@ -34,6 +34,9 @@ * @author Mikhail Mazursky */ public class ExecutorServiceUtil { + + private static final boolean NO_SECURITY_MANAGER = System.getSecurityManager() == null; + private static final ThreadFactory THREAD_FACTORY_FOR_SCHEDULED_EXECUTION_SERVICE = new ThreadFactory() { private final AtomicInteger threadNumber = new AtomicInteger(1); @@ -41,13 +44,18 @@ public class ExecutorServiceUtil { private final ThreadFactory defaultFactory = makeThreadFactory(); /** - * A thread factory which may be a virtual thread factory the JDK supports it. + * A thread factory which may be a virtual thread factory if the JDK supports it + * and there is no security manager. * * @return */ private ThreadFactory makeThreadFactory() { - ThreadFactory tf = Thread.ofVirtual().factory(); - return tf; + if (NO_SECURITY_MANAGER) { + ThreadFactory tf = Thread.ofVirtual().factory(); + return tf; + } + + return Executors.defaultThreadFactory(); } @Override @@ -99,11 +107,15 @@ static public void shutdown(ExecutorService executorService) { /** * An alternate implementation of {@linl #newThreadPoolExecutor} which returns a virtual thread per task executor - * when available. + * if the JDK supports it and there is no security manager. * * @since 1.3.12/1.4.12 */ static public ExecutorService newAlternateThreadPoolExecutor() { - return Executors.newVirtualThreadPerTaskExecutor(); + if (NO_SECURITY_MANAGER) { + return Executors.newVirtualThreadPerTaskExecutor(); + } + + return newThreadPoolExecutor(); } }