santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gerardo Nevárez Moorillón <>
Subject Logging issue with XMLSec, commons-logging, and Metro
Date Tue, 08 Sep 2009 16:49:57 GMT
Hi all,
Related to Torsten issue, I'm using Java5 with Tomcat as App Server, and I
use the Metro WS Stack in the WEB-INF/lib folder as well (v 1.4).

I have to use Canonicalization (sp?) 1.1, to sign data inside a WS operation
(not using WSS though), I pushed for1.0 Excl, but it wasn't my call (govnmt.
specs :) ). I'm using the endorsed mechanism, so that XMLSec has guaranteed
precedence over Metro, and, as far as the Signature is related this works
OK, and is a workable path on our migration to Java6 and have Canon. 1.1

My issue is with Commons Logging. Since CL has to be in the endorsed
classpath, all the applications and frameworks that use CL go through there,
and I haven't figured out a way to configure CL for each application
separately. What happens now is that the logging done in CL in all
applications, is going to stdout.

I'm using log4j as the final (or destination?) logging mechanism, and gets
configured by each webapp in a listener (Spring's Log4jConfigListener)

Using the CL config properties in the WEB-INF/classes folder does not work
reliably, there seems to be a singleton in CL, so, even if I include log4j
in endorsed, each web  application re-configures Log4j, and all the CL
logging goes to the latest loaded log4j configuration.

Any experiences/ideas on how to configure xmlsec/CL to work in this

I worked around it patching xmlsec internally, and switching to slf4j, I
then place the patched xmlsec and the slf4j api in endorsed, the simple
slf4j impl. in $tomcat/common/lib, and the slf4j delegation-to-log4j jar in
the webapp WEB-INF/lib folder.

But it feels like a hack, and I will have to update xmlsec later on, any
better ideas?


View raw message