Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1458: HttpSessionEventPublisher has static Log. it causes the log4j configuration to happen before Log4jConfigListener #1698

spring-issuemaster opened this issue Apr 12, 2010 · 2 comments


Copy link

@spring-issuemaster spring-issuemaster commented Apr 12, 2010

Ido Tzang (Migrated from SEC-1458) said:

Although the first listener in my web.xml is the Log4jConfigListener. the log4j configuration happens before getting there.
It happens because I also have HttpSessionEventPublisher listener that has a static Log, when the static Log is initialized it causes the log4j default configuration.
The problem is that some loggers from the default configuration are still alive even after the Log4jConfigListener is called.
Changing the Log to not being static should solve the issue.


This comment has been minimized.

Copy link

@spring-issuemaster spring-issuemaster commented Apr 13, 2010

Ido Tzang said:

Actually, after testing further, making the field an instance field rather than static does not solve the problem - it appears as if Tomcat instantiates all listener objects before calling them.

we ended up changing Log4jConfigListener to call shutdownLogging before initLogging, to clear the Log4j configuration.

Not sure if this is a Spring Security issue...


This comment has been minimized.

Copy link

@spring-issuemaster spring-issuemaster commented Apr 16, 2010

Luke Taylor said:

I think this is essentially the same problem as reported in SPR-5977. I've removed the logger field from HttpSessionEventPublisher. The logger reference is now obtained in each method before using it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.