All, See this SO thread: http://stackoverflow.com/questions/18147885/use-log4j-in-a-tomcat-with-security-manager
...and refer to the Tomcat 7 log4j instructions: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j ...for context. It looks like (the original) bin/tomcat-juli.jar is not given permissions in conf/catalina.policy to read bin/log4j.properties. So, if one follows the instructions for Tomcat/log4j from the link above, and runs under a security manager, the logging system will throw a SecurityException. Should we modify catalina.policy to allow bin/tomcat-juli.jar to read lib/log4j.properties (and possibly newer config files such as lib/log4j.xml), or should we add an instruction in the documentation for doing that? On the one hand, it might be nice if it "just worked" with fewer steps to follow. On the other hand, running such that read-access to conf/log4j.properties|xml when not needed could be considered a (very minor) security risk. Separately, in Tomcat's logging instructions, item #4 says that if you want to use log4j globally, you should put the new tomcat-juli.jar into the conf/ directory instead of bin/. There is no commentary about what to do with the original bin/tomcat-juli.jar... if I were following the instructions, I would leave the original in place, but that does not really sound appropriate to me. What is the proper technique to use log4j for both Tomcat and webapp logging? Thanks, -chris
signature.asc
Description: OpenPGP digital signature
