logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ceki Gülcü <c...@qos.ch>
Subject Re: JMSReceiver/ClassLoaders/Success+Dilema
Date Tue, 15 Jun 2004 11:47:15 GMT


Please keep in mind that log4j can be placed quite high in the classloader 
chain. Consider this as a side remark.

At 05:53 AM 6/15/2004, you wrote:
>Well, I have actually managed to work out how to get Chainsaw to work with 
>the JMSReceiver and inside Web start.
>There is a couple of problems however.  To summarise, the ClassLoader that 
>is used to load a class MUST have access to any required dependencies, 
>either via the Jars/directories that the ClassLoader manages, or it's 
>_parent_ ClassLoader.
>I am able to create a ClassLoader that loads classes from a local plugins 
>directory, and can delegate to the Parent classloader as per the spec. 
>However the JMSReceiver is bundled inside the log4j core jar file, and 
>that class is loaded by Web start's JNLPClassLoader.  At the time of 
>loading the JMSReceiver class, the JNLPClassLoader does have access to 
>JMSReceiver class, but can't locate the other jms libraries, which are 
>available via the _CHILD_ classLoader (this new PluginClassLoader).

The important questions to ask is why are the dependent JMS classes not 
available? In my opinion, it is a consequence of the web-start deployment 
scenario. How representative is the web-start deployment scenario? Not very 
representative if you ask me.

>So the dilema is that realistically for this to work, the JMSReceiver 
>class needs to be loaded by the PluginClassLoader.  This means that we 
>would need to remove the JMSReceiver from the core jar only for web start 
>purposes, and have the user drop it into their local plugin directory 
>(lets call this log4jJMSReceiver.jar), along with say, weblogic.jar, or 
>whatever JMS specific impl is required. The classes and it's dependancies 
>need to be available from the same ClassLoader level or higher.

I am quite worried about log4j starting to have its own
classloader. Unless there is a compelling reason, I'd be much happier
without PluginClassLoaderFactory. You just don't start spawning your
own classloaders. It's usually very bad practice.

How does placing log4jJMSReceiver.jar in a local plugin directory help?

In order to answer this question, I had a peek at the recent
changes. In o.a.l.chainsaw.LogUI class these lines were added.

     ClassLoader classLoader = PluginClassLoaderFactory.create(new 
File(SettingsManager.getInstance().getSettingsDirectory() + File.separator 
+ "plugins"));

Log4j should not set the thread context class loader as this is an
important prerogative of J2EE containers. Actually, this line will cause
havoc when used within a container. For once, it will immediately
break JNDI. (The TCL was invented to allow JNDI context variables.) It
will actually break log4j itself which uses JNDI variables.

Please don't bring the whole structure down in order to cater for this
marginal deployment scenario. If an elegant solution cannot be
provided, than it is better to recognize this fact and then to move
on. In this case, the wisest thing to do may be to declare that
JMSReceiver does not work with web-start.

>Secondly, to be able to actually use these loaded classes requires the 
>following line in LogUI's startup method:
>This basically turns off security checking for most things, and is allowed 
>because Chainsaw is marked with the "all Permissions" permission.  If this 
>line is not added, then when a class inside one of these Plugin jars tries 
>to, say, read a System property, you get something like:
>Caused by: java.security.AccessControlException: access denied 
>(java.util.PropertyPermission weblogic.xml.debug read)
>Removing the SecurityManager seems a bit harsh, and I propose that we only 
>do this with the User's permission via a AppliciationPreference so they 
>can explicitly decide this.  The classes loaded via the PluginClassLoader 
>then effectively become trusted.
>Given these ClassLoader issues, I wonder whether it is worth NOT 
>distributing the JMSReceiver class inside the log4j core jar, as users 
>could run into the same problems.

>I would appreciate if anyone has any comments on this.

Unless, it was not clear from the above, my comment can be summarized as a 
big fat -1. :-)

>Paul Smith

Ceki Gülcü

      For log4j documentation consider "The complete log4j manual"
      ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp  

To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org

View raw message