java.security.policy issue using logback

Question

The following code runs file using LOG4J (and SLF4J):

package test; 

import java.rmi.RMISecurityManager; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 

    public class TestMain { 
    private static final Logger logger = LoggerFactory.getLogger(TestMain.class); 
    public static void main(String[] args) throws Exception { 
        System.setProperty("java.security.policy", "./src/main/config/java.policy"); 
        logger.debug("Policy location: {}", System.getProperty("java.security.policy")); 
        if (System.getSecurityManager() == null) { 
            System.setSecurityManager(new RMISecurityManager()); 
        } 
        System.setProperty("java.security.policy", "./src/main/config/java.policy"); 
    } 
}

When switching the dependencies to "logback" instead of log4j, it gives:

01:05:37.702 [main] DEBUG test.TestMain - Policy location: ./src/main/config/java.policy 
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write) 
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) 
at java.security.AccessController.checkPermission(AccessController.java:546) 
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
at java.lang.System.setProperty(System.java:725) 
at test.TestMain.main(TestMain.java:18) 

at the last line of the main method.

The contents of the java.policy file:

grant { 
    permission java.security.AllPermission; 
}; 

Putting the java.policy file inside "$JAVA_HOME/jre/lib/security" solves the issue.

Anyone can tell me what's happening?

Answer 1

I found out that we have 3 options to work around this:

1) Initialize the SecurityManager before initializing a logger
2) Replace the java.policy inside $JAVA_HOME/jre/lib/security with yours
3) Pass java.policy's location as a system property when starting the app: -Djava.security.policy=java.policy