ppkarwasz commented on issue #3794:
URL: https://github.com/apache/logging-log4j2/issues/3794#issuecomment-3022680584

Before implementing any changes, we need to clarify the intended purpose of the `log4j2.configurationAllowedProtocols` configuration property:

1. **Purpose of the Property**:

   * The exception message "No external protocols have been enabled," which occurs when the property is set to `_none`, suggests that this property is intended to control which **external** protocols can be used to retrieve configuration files **outside** the Java application. This likely excludes internal resources like classpath-based files.

2. **Handling of `file` and `classpath`**:

   * The `file` protocol is typically handled by the `File` API and cannot be disabled through this configuration property.
   * The informal `classpath` protocol, while internal, is converted to a `URL` via `ClassLoader.getResource`, which treats it as an external resource. This does **not** trigger the `log4j2.configurationAllowedProtocols` check, since it uses the one-parameter `UrlConnectionFactory.createConnection` method.

3. **Spring Boot's Handling of `classpath`**:

   * Spring Boot similarly converts the `classpath` protocol to a `URL`. However, it uses the four-parameter `UrlConnectionFactory.createConnection` method, which inadvertently applies the `log4j2.configurationAllowedProtocols` check, despite the `classpath` protocol being internal.

@rgoers, @vy, what do you think? How should we solve the current inconsistencies of `log4j2.configurationAllowedProtocols`?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
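
The inconsistency described in the comment above can be reproduced with a small stand-alone model: the same class-loader-resolved URL is accepted by a path that skips the protocol check and rejected by a path that enforces it. This is an added example, not Log4j or Spring Boot code and not part of the original comment; the class and method names (`AllowedProtocolsModel`, `resolveUnchecked`, `resolveChecked`), the `https` sample value and the wording of the second rejection message are assumptions made for illustration.

```java
import java.net.URL;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

// Simplified model, NOT Log4j source: all names here are hypothetical.
public class AllowedProtocolsModel {

    // Parse a comma-separated property value; "_none" enables no protocol.
    static Set<String> parseAllowed(String value) {
        if ("_none".equals(value.trim())) {
            return Set.of();
        }
        return Arrays.stream(value.split(","))
                .map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    // Models the one-parameter path: the URL is accepted with no protocol check.
    static String resolveUnchecked(URL url) {
        return "ALLOWED (no check): " + url.getProtocol();
    }

    // Models the four-parameter path: the URL scheme must be on the allowlist.
    static String resolveChecked(URL url, Set<String> allowed) {
        String protocol = url.getProtocol().toLowerCase(Locale.ROOT);
        if (allowed.isEmpty()) {
            return "REJECTED: No external protocols have been enabled";
        }
        if (!allowed.contains(protocol)) {
            return "REJECTED: protocol " + protocol + " not in " + allowed;
        }
        return "ALLOWED: " + protocol;
    }

    public static void main(String[] args) {
        // A resource found through the class loader is handed back as an ordinary
        // URL; its scheme (file, jar, jrt, ...) depends on how the code is packaged.
        URL resource = ClassLoader.getSystemResource("java/lang/Object.class");
        for (String property : new String[] {"_none", "https"}) { // constructed values
            Set<String> allowed = parseAllowed(property);
            System.out.println("property=" + property + " scheme=" + resource.getProtocol());
            System.out.println("  " + resolveUnchecked(resource));
            System.out.println("  " + resolveChecked(resource, allowed));
        }
    }
}
```

With either sample value the unchecked path accepts the internal resource while the checked path rejects it, which is the split between the two entry points that the comment asks the maintainers to resolve.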
