New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SLF4J-548] Fix ServiceLoader usage in servlet environment #304
Conversation
If both the servlet container and a web application use SLF4J, `ServiceLoader` calls are susceptible to three problems: 1. The SLF4J copy in the webapp detects the common providers by can not instantiate them (they implement a different copy of `SLF4JProviderService`), 2. The SLF4J copy in the common classloader can bind the providers in the webapp classloader and cause a memory leak, 3. If the server uses a SecurityManager the static initialization of `LoggerFactory` fails if called by unprivileged code. This PR should solve these problems. Signed-off-by: Piotr P. Karwasz <piotr.github@karwasz.org>
2e26cf7
to
06d6c81
Compare
PRs without a related issue tend to fall in between the cracks. I have created a jira issue for this PR SLF4J-568 |
@ppkarwasz Indeed, thank you. |
@ceki Could you check this, please? We have issues to adopt SLF4J 2 in WildFly-Core downstream. The service load based on TCCL is a mess. @ppkarwasz solution solved it for log4j2 API service load of the corresponding impl. |
@boris-unckel Do you have a description of the problem you are facing? Or a reference to the original problem? From a cursory look, Piotr's patch
Am I missing anything? You mention TCCL but the code in question does not use TCCL (on purpose). |
The patch also calls It's basically a simplified version of ServiceLoaderUtil in |
Hello @ceki , steps to reproduce: General: setup latest Maven and a Java 11 environment
The issues occur without SecurityManager, too. To check simply remove I thought I could develop a workaround, initializing slf4j early in the log subsystem: Kind regards |
@boris-unckel Thanks for the information. I am quite swamped at the moment. I'll deal with this when I can, but it make take a few days. |
@ceki Hope you're fine. Any updates on this one? |
Hi @boris-unckel, I am sorry for not having attended to this PR. It is at the top of my SLF4J todo list. I expect to start working on SLF4J on the week of Monday 14th and there should be a new release before the end of November. If you wish things to go a little faster, there is also the option of championing a release. |
@boris-unckel Can you please check if release 2.0.4 solves the issue for you? Here is a quote from the release notes:
|
Hello @ceki @ppkarwasz I have tested it with WildFly-Core and 2.0.4 still has issues. I have ported the ServiceLoaderUtil from Log4j2 and it works immediately. This is the showcase[1]:
The WildFly-Core integrated version of it is here: [1] The showcase contains copies of code from log4j2. The commit message shows source URLs. |
@boris-unckel Can you please clarify whether slf4j-api version 1.7.x works for WildFly-Core? |
Thanks for the tests. I was pretty sure this patch is equivalent to what we did in Log4j2 (minus the Given the amount of debugging that Full disclosure: there is still an open Log4j2 bug report (cf. LOG4J2-3624) that might be related to |
@ceki @ppkarwasz thanks for your fast reply
Yes, sure: It's used in the current production version https://github.com/wildfly/wildfly-core/blob/19.0.0.Final/pom.xml#L257 you can download it here: https://www.wildfly.org/downloads/ It's also a implicit module: https://docs.wildfly.org/27/Developer_Guide.html#how-and-when-is-an-implicit-module-dependency-added |
@boris-unckel Slf4j's LoggerFactory in both version 1.7.x and version 2.0.4 (but not 2.0.3) use the same class loader, i.e. the class loader that loaded the LoggerFactory class to look for the logging implementation. Thus, why would 1.7.36 work in a given context, in this case WildFly, and 2.0.4 fail in the same context? Running the tests under "wildfly-core/testsuite/embedded" with SLF4J 2.0.4, more specifically the test LogbackStandaloneTestCase.testLogback, I observe the following exception:
I also observe that SLF4J provider finds logback and can create logger instances apparently with no problems. As for the actual cause of the failure, that remains a mystery. |
Update: setting pom entries to use slf4j 2.0.4 and logback 1.4.5, the following commands complete successfully.
Here are the edits on the project:
|
@ceki Thanks for checking it. Please don't |
@boris-unckel I have rerun the tests a second time without the security manager. I am seeing |
@ceki Good morning, including the SecurityManager (why do you run without?) it seems down to last one error. It's not about the classloader, you're correct for this part.
and I assume it fails due to this change, removing the privileged action: 43a3630#diff-204f23f1c787a5f1f6162f79eae7d8694d723ef7788e23b79ed270a15c677b00L108-L111
My guess is Some background information regarding the Security Manager, modules and PriviligedAction use: https://docs.wildfly.org/27/WildFly_Elytron_Security.html#Elytron_JSM_Further_Background |
The version of slf4j-jboss-logmanager I am using is from https://github.com/boris-unckel/slf4j-jboss-logmanager/ The
So it looks like I am using the same version of slf4j-jboss-logmanager. |
@ceki I have tested and |
@boris-unckel Sorry for not having been clearer earlier. I rather not change the class loading behavior of Given Apache (Jakarta) Commnons-Logging experience, SLF4J was created in 2005 chiefly to avoid class loading problems during logging. It does so by adopting the simplest class loading model possible. Patch 06d6c81 offers a more dynamic model, and from your previous comments, which is apparently not even needed. As for using |
@ceki, the following code does not change the class loading behavior: since the
I am far from being an expert on |
@ceki Yes, sure. It was meant only regarding the Security Manager, the ClassLoading works as the tests have shown. |
Cool. We are all in agreement then. |
@ceki Just to be sure: You're preparing the fix? Or do you expect a PR? |
I am preparing a fix. |
Thanks to you both for all your support. |
@boris-unckel Can you please verify that 3bc58f3 committed a few moments ago works as expected? |
@ceki Thanks, I have prepared a local snapshot build and the test is running right now. I'm going to give a status with the result tomorrow morning. |
@ceki The test run completed successfully. Thanks for your ongoing support to get this solved. |
If both the servlet container and a web application use SLF4J,
ServiceLoader
calls are susceptible to three problems:instantiate them (they implement a different copy of
SLF4JProviderService
),the webapp classloader and cause a memory leak,
LoggerFactory
fails if called by unprivileged code.This PR should solve these problems.