@@ -247,15 +247,17 @@ private void neverEntitled(Class<?> callerClass, Supplier<String> operationDescr
247247 return ;
248248 }
249249
250+ String componentName = getEntitlements (requestingClass ).componentName ();
250251 notEntitled (
251252 Strings .format (
252- "Not entitled: component [%s], module [%s], class [%s], operation [%s]" ,
253- getEntitlements ( requestingClass ). componentName () ,
253+ "component [%s], module [%s], class [%s], operation [%s]" ,
254+ componentName ,
254255 requestingClass .getModule ().getName (),
255256 requestingClass ,
256257 operationDescription .get ()
257258 ),
258- callerClass
259+ callerClass ,
260+ componentName
259261 );
260262 }
261263
@@ -366,13 +368,14 @@ public void checkFileRead(Class<?> callerClass, Path path, boolean followLinks)
366368 if (canRead == false ) {
367369 notEntitled (
368370 Strings .format (
369- "Not entitled: component [%s], module [%s], class [%s], entitlement [file], operation [read], path [%s]" ,
371+ "component [%s], module [%s], class [%s], entitlement [file], operation [read], path [%s]" ,
370372 entitlements .componentName (),
371373 requestingClass .getModule ().getName (),
372374 requestingClass ,
373375 realPath == null ? path : Strings .format ("%s -> %s" , path , realPath )
374376 ),
375- callerClass
377+ callerClass ,
378+ entitlements .componentName ()
376379 );
377380 }
378381 }
@@ -395,13 +398,14 @@ public void checkFileWrite(Class<?> callerClass, Path path) {
395398 if (entitlements .fileAccess ().canWrite (path ) == false ) {
396399 notEntitled (
397400 Strings .format (
398- "Not entitled: component [%s], module [%s], class [%s], entitlement [file], operation [write], path [%s]" ,
401+ "component [%s], module [%s], class [%s], entitlement [file], operation [write], path [%s]" ,
399402 entitlements .componentName (),
400403 requestingClass .getModule ().getName (),
401404 requestingClass ,
402405 path
403406 ),
404- callerClass
407+ callerClass ,
408+ entitlements .componentName ()
405409 );
406410 }
407411 }
@@ -483,13 +487,14 @@ private void checkFlagEntitlement(
483487 if (classEntitlements .hasEntitlement (entitlementClass ) == false ) {
484488 notEntitled (
485489 Strings .format (
486- "Not entitled: component [%s], module [%s], class [%s], entitlement [%s]" ,
490+ "component [%s], module [%s], class [%s], entitlement [%s]" ,
487491 classEntitlements .componentName (),
488492 requestingClass .getModule ().getName (),
489493 requestingClass ,
490494 PolicyParser .getEntitlementTypeName (entitlementClass )
491495 ),
492- callerClass
496+ callerClass ,
497+ classEntitlements .componentName ()
493498 );
494499 }
495500 logger .debug (
@@ -524,21 +529,29 @@ public void checkWriteProperty(Class<?> callerClass, String property) {
524529 }
525530 notEntitled (
526531 Strings .format (
527- "Not entitled: component [%s], module [%s], class [%s], entitlement [write_system_properties], property [%s]" ,
532+ "component [%s], module [%s], class [%s], entitlement [write_system_properties], property [%s]" ,
528533 entitlements .componentName (),
529534 requestingClass .getModule ().getName (),
530535 requestingClass ,
531536 property
532537 ),
533- callerClass
538+ callerClass ,
539+ entitlements .componentName ()
534540 );
535541 }
536542
537- private void notEntitled (String message , Class <?> callerClass ) {
543+ private void notEntitled (String message , Class <?> callerClass , String componentName ) {
538544 var exception = new NotEntitledException (message );
539545 // Don't emit a log for muted classes, e.g. classes containing self tests
540546 if (mutedClasses .contains (callerClass ) == false ) {
541- logger .warn (message , exception );
547+ var moduleName = callerClass .getModule ().getName ();
548+ var loggerSuffix = "." + componentName + "." + ((moduleName == null ) ? ALL_UNNAMED : moduleName );
549+ var notEntitledLogger = LogManager .getLogger (PolicyManager .class .getName () + loggerSuffix );
550+ String frameInfoSuffix = StackWalker .getInstance (RETAIN_CLASS_REFERENCE )
551+ .walk (this ::findRequestingFrame )
552+ .map (frame -> "\n \t at " + frame )
553+ .orElse ("" );
554+ notEntitledLogger .warn ("Not entitled: " + message + frameInfoSuffix );
542555 }
543556 throw exception ;
544557 }
@@ -658,19 +671,18 @@ Class<?> requestingClass(Class<?> callerClass) {
658671 return callerClass ;
659672 }
660673 Optional <Class <?>> result = StackWalker .getInstance (RETAIN_CLASS_REFERENCE )
661- .walk (frames -> findRequestingClass (frames .map (StackFrame ::getDeclaringClass ) ));
674+ .walk (frames -> findRequestingFrame (frames ) .map (StackFrame ::getDeclaringClass ));
662675 return result .orElse (null );
663676 }
664677
665678 /**
666- * Given a stream of classes corresponding to the frames from a {@link StackWalker},
667- * returns the module whose entitlements should be checked.
679+ * Given a stream of {@link StackFrame}s, identify the one whose entitlements should be checked.
668680 *
669681 * @throws NullPointerException if the requesting module is {@code null}
670682 */
671- Optional <Class <?>> findRequestingClass (Stream <Class <?>> classes ) {
672- return classes .filter (c -> c . getModule () != entitlementsModule ) // Ignore the entitlements library
673- .skip (1 ) // Skip the sensitive caller method
683+ Optional <StackFrame > findRequestingFrame (Stream <StackFrame > frames ) {
684+ return frames .filter (f -> f . getDeclaringClass (). getModule () != entitlementsModule ) // ignore entitlements library
685+ .skip (1 ) // Skip the sensitive caller method
674686 .findFirst ();
675687 }
676688
0 commit comments