Fix for LOGGING-107. JCL failed when run under a security policy that prevented calling ClassLoader.getParent.

We now catch SecurityException in this case, and also use an AccessController so JCL can be granted permissions
without needing the caller to have those permissions too.


git-svn-id: https://svn.apache.org/repos/asf/jakarta/commons/proper/logging/trunk@424139 13f79535-47bb-0310-9956-ffa450edef68

src/java/org/apache/commons/logging/impl/LogFactoryImpl.java

@@ -688,6 +688,28 @@ public class LogFactoryImpl extends LogFactory {
                 });
     }
 
+    /**
+     * Fetch the parent classloader of a specified classloader.
+     * <p>
+     * If a SecurityException occurs, null is returned.
+     * <p>
+     * Note that this method is non-static merely so logDiagnostic is available.
+     */
+    private ClassLoader getParentClassLoader(final ClassLoader cl) {
+        try {
+            return (ClassLoader)AccessController.doPrivileged(
+                    new PrivilegedAction() {
+                        public Object run() {
+                            return cl.getParent();
+                        }
+                    });
+        } catch(SecurityException ex) {
+            logDiagnostic("[SECURITY] Unable to obtain parent classloader");
+            return null;
+        }
+        
+    }
+
     /**
      * Utility method to check whether a particular logging library is
      * present and available for use. Note that this does <i>not</i>
@@ -1161,7 +1183,8 @@ public class LogFactoryImpl extends LogFactory {
             }
             
             // try the parent classloader
-            currentCL = currentCL.getParent();
+            // currentCL = currentCL.getParent();
+            currentCL = getParentClassLoader(currentCL);
         }
 
         if ((logAdapter != null) && affectState) {