Force init of Unbox in log4j (#92377) (#92398)

rjernst · web-flow · commit 7e52736f8f31 · 2022-12-15T14:09:55.000-05:00
* Force init of Unbox in log4j Some libaries have static initializers that require security manager permissions. When this initialization occurs during normal operation, it can cause security manager exceptions depending on where a logging call is made. This commit adds a place for static initialization of log4j utility classes to be run, and specifically adds the Unbox class which wants to read env vars. closes #91964
diff --git a/docs/changelog/92377.yaml b/docs/changelog/92377.yaml
@@ -0,0 +1,6 @@
+pr: 92377
+summary: Force init of Unbox in log4j
+area: Infra/Core
+type: bug
+issues:
+ - 91964
diff --git a/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java b/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java
@@ -30,6 +30,7 @@
 import org.apache.logging.log4j.status.StatusData;
 import org.apache.logging.log4j.status.StatusListener;
 import org.apache.logging.log4j.status.StatusLogger;
+import org.apache.logging.log4j.util.Unbox;
 import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.common.logging.internal.LoggerFactoryImpl;
 import org.elasticsearch.common.settings.Settings;
@@ -41,6 +42,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
+import java.lang.invoke.MethodHandles;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitOption;
 import java.nio.file.FileVisitResult;
@@ -122,6 +124,7 @@ public static void configure(final Environment environment, boolean useConsole)
         }
         configureESLogging();
         configure(environment.settings(), environment.configFile(), environment.logsFile(), useConsole);
+        initializeStatics();
     }
 
     public static void configureESLogging() {
@@ -144,6 +147,17 @@ public static void setNodeName(String nodeName) {
         NodeNamePatternConverter.setNodeName(nodeName);
     }
 
+    // Some classes within log4j have static initializers that require security manager permissions.
+    // Here we aggressively initialize those classes during logging configuration so that
+    // actual logging calls at runtime do not trigger that initialization.
+    private static void initializeStatics() {
+        try {
+            MethodHandles.publicLookup().ensureInitialized(Unbox.class);
+        } catch (IllegalAccessException impossible) {
+            throw new AssertionError(impossible);
+        }
+    }
+
     private static void checkErrorListener() {
         assert errorListenerIsRegistered() : "expected error listener to be registered";
         if (error.get()) {
