On Saturday 19 January 2008, Marcus Better wrote: > If the user creates that file then the security exception still gets > thrown, so it would be very confusing to pretend the file doesn't > exist. I'm not too happy about this idea.
In that case, we would need to grant FilePermission to read the logging.properties file in the appropriate place in each Web application directory. To do this automatically, Tomcat would most likely have to provide a custom java.security.Policy implementation that, in addition to granting permissions defined by the configured security policy, also grants read access to each webapp's own logging.properties file. I'm afraid this is a far bigger project than I'm willing to take on, but perhaps someone among the Apache folks will do it, so why not forward this bug upstream?
signature.asc
Description: This is a digitally signed message part.
