From 39b0d64d6e4c72b41eb08bebcf24f2ca861574ec Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Wed, 15 Dec 2021 16:02:07 +0100
Subject: [PATCH 2/2] Disable JNDI by default
JNDI, which is used by JMS appender, has significant security issues.
It is safer for users to disable JMS appender by default,
especially since the large majority are unlikely to be using it.
Those who are will need to explicitly enable it, for example:
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.Enabled=true
This is a similar approach to the one implemented in Log4J 2:
https://issues.apache.org/jira/browse/LOG4J2-3208
---
.../java/org/apache/log4j/net/JMSAppender.java | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/main/java/org/apache/log4j/net/JMSAppender.java b/src/main/java/org/apache/log4j/net/JMSAppender.java
index 3482702d..564da0c5 100644
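--- a/src/main/java/org/apache/log4j/net/JMSAppender.java
+++ b/src/main/java/org/apache/log4j/net/JMSAppender.java
@@ -101,6 +101,7 @@ import java.util.Properties;
 @author Ceki Gülcü */
 public class JMSAppender extends AppenderSkeleton {
 
+ boolean enabled;
 String securityPrincipalName;
 String securityCredentials;
 String initialContextFactoryName;
@@ -120,6 +121,16 @@ public class JMSAppender extends AppenderSkeleton {
 JMSAppender() {
 }
 
+ public
+ void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public
+ boolean getEnabled() {
+ return enabled;
+ }
+
 /**
 The TopicConnectionFactoryBindingName option takes a
 string value. Its value will be used to lookup the appropriate
@@ -170,6 +181,10 @@ public class JMSAppender extends AppenderSkeleton {
 * Options are activated and become effective only after calling
 * this method.*/
 public void activateOptions() {
+ if (!enabled) {
+ throw new IllegalStateException("JMS appender is disabled by default and must be enabled by setting Enabled=true property of the appender");
+ }
+
 TopicConnectionFactory topicConnectionFactory;
 
 try {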
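Review bot: The disabled-by-default guarantee rests on `enabled` being implicitly initialised to false and on the single check at the top of `activateOptions()`; neither is written down, and whether any other method of the class can reach a JNDI lookup is not visible in these hunks. The new field and `setEnabled`/`getEnabled` have no Javadoc, unlike the TopicConnectionFactoryBindingName option documented just below them, so I would add a comment on `setEnabled` saying that the option defaults to false and that `activateOptions()` throws `IllegalStateException` until it is set, and spell the default out as `boolean enabled = false;`. The guard throws an unchecked exception from `activateOptions()`; how the configurator that calls it reacts (skipping this appender only, or aborting the rest of the logging configuration) cannot be seen here and is worth confirming with a test that loads a configuration naming the appender without `Enabled=true`. The body of `activateOptions()` continues past the last line shown, and the subject line speaks of JNDI in general while the diffstat covers only this one class.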
--
2.33.1