On Aug 17, 2013, at 7:36 AM, Christopher Schultz wrote: > All, > > See this SO thread: > http://stackoverflow.com/questions/18147885/use-log4j-in-a-tomcat-with-security-manager > > ...and refer to the Tomcat 7 log4j instructions: > > http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j > > ...for context. > > It looks like (the original) bin/tomcat-juli.jar is not given > permissions in conf/catalina.policy to read bin/log4j.properties. So, if > one follows the instructions for Tomcat/log4j from the link above, and > runs under a security manager, the logging system will throw a > SecurityException. > > Should we modify catalina.policy to allow bin/tomcat-juli.jar to read > lib/log4j.properties (and possibly newer config files such as > lib/log4j.xml), or should we add an instruction in the documentation for > doing that?
And log4j2.xml. That's the new one. However, I actually think documentation is what's needed here. I favor just doing that over adding a default allowance. > On the one hand, it might be nice if it "just worked" with fewer steps > to follow. On the other hand, running such that read-access to > conf/log4j.properties|xml when not needed could be considered a (very > minor) security risk. > > Separately, in Tomcat's logging instructions, item #4 says that if you > want to use log4j globally, you should put the new tomcat-juli.jar into > the conf/ directory instead of bin/. There is no commentary about what > to do with the original bin/tomcat-juli.jar... if I were following the > instructions, I would leave the original in place, but that does not > really sound appropriate to me. What is the proper technique to use > log4j for both Tomcat and webapp logging? > > Thanks, > -chris > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
