tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cost...@covalent.net
Subject Re: Logging separation
Date Wed, 26 Jun 2002 22:15:44 GMT

On Wed, 26 Jun 2002, Ceki Gülcü wrote:


> A difficulty I encountered while implementing the solution outlined in 
> http://qos.ch/containers/sc.html is the difference of TCL while the the 
> static class initializer of a servlet class is executed and the TCL while a 
> servlet is running. There are two distinct TCLs. (I've tried this on Tomcat 3).

That's very strange - Jdk12Interceptor is setting the TCL before 
init/destroy/service, and it should be the same. 

What code are you using ?

Regarding the document - it looks great. One missing part is how the 
JMX part of log4j will name it's objects ( i.e. the Hierarchy must 
have a name ). The container should be able to set this name when
it creates the hierarchy ( with  "vhost:/cpath" for example ).

BTW, I will try to implement this at the coyote level, since this
is likely to be usefull for 3.3, 4.x and 5.0. It will require
the ADD_CONTEXT callback to work ( that's needed for jk autoconf
anyway ), and probably few other small changes. 

One important issue not covered in the document - the possible 
interaction with the sandbox. If log4j is in the common path,
it'll probably have high permissions. I assume you don't use
doPriviledged() in the code, but you probably use some
queue or similar code - and that may potentially get code to
be executed with the container permissions, possibly
allowing untrusted servlets to do bad things.

On the same line, it is very likely log4j will not work 
in the sandbox without a doPriviledged() unless the webapps
have write permission to log/. 

Glenn is much better at explaining all this - but it's a serious
issue.

Costin

  



> 
> 
> At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
> 
> 
> >Hello,
> >
> >I have written a short spec on how to achieve separation of logging
> >between different web-applications in a Sevlet Container. It is
> >available at:
> >
> >   http://qos.ch/containers/sc.html
> >
> >I would appreciate receiving comments. Thank you,
> 
> --
> Ceki
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
> 
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message