[LOG4J2-2902] Add missing LoaderUtil permissions check

[rschmitt]

This change adds a missing permissions check to the getClassLoaders method of LoaderUtil before attempting to retrieve the system class loader.

[rschmitt]

@rgoers Done.

[rschmitt]

Sorry for the delay, I've made the requested changes.

[rgoers]

I tried to apply the patch but when I run the tests 2 tests in log4j-api now fail:

[ERROR] Tests run: 2, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 0.005 s <<< FAILURE! - in org.apache.logging.log4j.spi.LoggerAdapterTest
[ERROR] testMessageWithoutThrowable  Time elapsed: 0.004 s  <<< ERROR!
java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")

[ERROR] testGetLoggersInContextSynch  Time elapsed: 0.004 s  <<< ERROR!
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
	at org.apache.logging.log4j.spi.LoggerAdapterTest.testGetLoggersInContextSynch(LoggerAdapterTest.java:170)

[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.011 s - in org.apache.logging.log4j.AbstractLoggerTest

[rschmitt]

I can't reproduce this locally. You're merging into master (8e4eb7a19), right? When I run the tests locally, I get a lot of non-deterministic test failures, but if I run mvn clean verify enough it eventually succeeds.

[rschmitt]

Pinging this.

[rschmitt]

It appears that my test is somehow interfering with other tests in a non-deterministic way (presumably the global SecurityManager instance). I'll look into it and submit revisions.

[rschmitt]

In retrospect, that was a pretty obvious issue with a simple fix.

[rgoers]

I was going to apply this but it now has conflicts. Can you please rebase your fork?

[rschmitt]

Should be okay now. It was non-trivial to get the tests working on JDK11.

[ppkarwasz]

This was closed automatically by Github because we renamed the release-2.x branch to 2.x. Feel free to resubmit to the 2.x branch.