Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1458: HttpSessionEventPublisher has static Log. it causes the log4j configuration to happen before Log4jConfigListener #1698

spring-issuemaster opened this Issue Apr 12, 2010 · 2 comments


None yet
1 participant

Ido Tzang (Migrated from SEC-1458) said:

Although the first listener in my web.xml is the Log4jConfigListener. the log4j configuration happens before getting there.
It happens because I also have HttpSessionEventPublisher listener that has a static Log, when the static Log is initialized it causes the log4j default configuration.
The problem is that some loggers from the default configuration are still alive even after the Log4jConfigListener is called.
Changing the Log to not being static should solve the issue.

Ido Tzang said:

Actually, after testing further, making the field an instance field rather than static does not solve the problem - it appears as if Tomcat instantiates all listener objects before calling them.

we ended up changing Log4jConfigListener to call shutdownLogging before initLogging, to clear the Log4j configuration.

Not sure if this is a Spring Security issue...

Luke Taylor said:

I think this is essentially the same problem as reported in SPR-5977. I've removed the logger field from HttpSessionEventPublisher. The logger reference is now obtained in each method before using it.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment