
How to use log4j2 in the web application WITHOUT log4j-web.jar

I want to put the configuration file of log4j2 (v2.17.0) outside of the war file, so that I can change the logging configuration without redeploying the war file. The log4j2-web.jar provides a mechanism to configure the configuration file outside of the war file, along with other features.

Unfortunately, I am not allowed to use the log4j-web.jar file in the web application. According to the log4j2 FAQ, it is not recommended to use LoggerContext to load the configuration file because it is not part of the public API.

Question: Is there any valid way to use log4j2 in the web application without log4j-web.jar file?

Question: Is there any valid way to use log4j2 in the web application without log4j-web.jar file?

There are two potential ways that you could dynamically update the logging configs without using log4j2-web.jar.

  1. Ignore the FAQ's recommendation [1] and use LoggerContext.reload to reload the configuration.

    It is possible that the Log4j2 team could change something in a future version so that this approach no longer works. But this is unlikely (IMO)... and you can deal with that problem if / when it happens.

  2. Use Log4j2's automatic reconfiguration mechanism. Basically, you tell Log4j2 to regularly check the config file to see if it has changed.


However...

If I were you, I would want to understand why you are "not allowed" to use "log4j-web.jar". Is it for security reasons? If it is, you may need to talk to the security people so that you fully understand the security reasons.

Q: Why?

A: Because you appear to be wanting to duplicate some of the functionality of "log4j-web.jar". It may be that it is the functionality you are trying to duplicate that is the root of your security team's concerns. And if that is the case, then implementing the functionality by hand (i.e. without using "log4j-web.jar") could potentially be worse... from a security perspective!

So... find out. This is NOT a case where "asking for forgiveness rather than for permission" is a sound strategy.


[1] - Actually, I don't read this as a "recommendation". Rather, I read it as a "warning of potential consequences". If they really thought that using LoggerContext.reload was a bad idea, I think they would have used more explicit language.
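
The automatic reconfiguration option from the answer above, shown as an added example that is not part of the original answer: an external log4j2.xml that Log4j2 re-checks for changes on its own, with no log4j-web.jar and no LoggerContext calls. The file path, logger name and interval are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Constructed example. Keep this file outside the WAR, for instance at
  /etc/myapp/log4j2.xml (hypothetical path), and point the JVM at it when
  the servlet container starts:

    -Dlog4j2.configurationFile=/etc/myapp/log4j2.xml

  monitorInterval is the minimum number of seconds that must elapse before
  Log4j2 checks the file for changes again. An edited file is picked up
  without redeploying or restarting the web application.
-->
<Configuration status="WARN" monitorInterval="30">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} %-5level [%t] %logger{36} - %msg%n"/>
    </Console>
  </Appenders>
  <Loggers>
    <!-- com.example.myapp is a placeholder for the application's own package -->
    <Logger name="com.example.myapp" level="info" additivity="false">
      <AppenderRef ref="Console"/>
    </Logger>
    <Root level="warn">
      <AppenderRef ref="Console"/>
    </Root>
  </Loggers>
</Configuration>
```

Because the running application reloads whatever this file contains, restrict write access to it to the account that administers the deployment and include it in file-integrity monitoring.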
