Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1458: HttpSessionEventPublisher has static Log. it causes the log4j configuration to happen before Log4jConfigListener #1698
Although the first listener in my web.xml is the Log4jConfigListener. the log4j configuration happens before getting there.
Ido Tzang said:
Actually, after testing further, making the field an instance field rather than static does not solve the problem - it appears as if Tomcat instantiates all listener objects before calling them.
we ended up changing Log4jConfigListener to call shutdownLogging before initLogging, to clear the Log4j configuration.
Not sure if this is a Spring Security issue...