You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Ceki Gülcü <ce...@qos.ch> on 2002/06/26 17:02:39 UTC
Logging separation
Hello,
I have written a short spec on how to achieve separation of logging
between different web-applications in a Sevlet Container. It is
available at:
http://qos.ch/containers/sc.html
I would appreciate receiving comments. Thank you,
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by co...@covalent.net.
On Thu, 27 Jun 2002, Ceki Gülcü wrote:
> >I don't know any other way to pass/extract the information.
>
> If there is an object that keeps track of contexts, you can pass it to
> the ContextualRepositorySelector when you instantiate it (the
> CRS). The CRS could ask that object to return "the current" context
> identifying the current web-application. Again, I do not know if this
> is possible, just speculating.
If you implement that as a module ( and I think that's the only way),
you have access to _all_ objects.
>From a servlet, when Log.getLog() is called, you need to use the TCL -
since the current calling 'pattern' doesn't pass the ServletContext.
Costin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Ceki Gülcü <ce...@qos.ch>.
At 07:33 27.06.2002 -0700, costinm@covalent.net wrote:
>On Thu, 27 Jun 2002, Ceki Gülcü wrote:
>
> > Let me just mention that using the TCL to keep track of the context is
> > just one possible solution. Is there another place that keeps track of
> > what thread is executing what web-application? Remember that the
> > ContextRepositorySelector is implemented within the Container. It is
> > not prevented from doing Container specific tricks. Just a possibility
> > worth mentioning.
>
>I don't know any other way to pass/extract the information.
If there is an object that keeps track of contexts, you can pass it to
the ContextualRepositorySelector when you instantiate it (the
CRS). The CRS could ask that object to return "the current" context
identifying the current web-application. Again, I do not know if this
is possible, just speculating.
>I think a BaseInterceptor/Valve/Coyte module that is aware of
>the container should init the selector.
The CRS should be set at the earliest occasion, but not earlier. :-)
>Note that the ClassLoader that will become the TCL is available
>as a property of Context ( in both tomcats ), you can use that
>when setting up.
>
>If you can wait few more days, I'll implement something at Coyote
>level - that would work on all present and future tomcats.
That would be very nice.
>Costin
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by co...@covalent.net.
On Thu, 27 Jun 2002, Ceki Gülcü wrote:
> Let me just mention that using the TCL to keep track of the context is
> just one possible solution. Is there another place that keeps track of
> what thread is executing what web-application? Remember that the
> ContextRepositorySelector is implemented within the Container. It is
> not prevented from doing Container specific tricks. Just a possibility
> worth mentioning.
I don't know any other way to pass/extract the information.
I think a BaseInterceptor/Valve/Coyte module that is aware of
the container should init the selector.
Note that the ClassLoader that will become the TCL is available
as a property of Context ( in both tomcats ), you can use that
when setting up.
If you can wait few more days, I'll implement something at Coyote
level - that would work on all present and future tomcats.
Costin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Ceki Gülcü <ce...@qos.ch>.
At 07:03 27.06.2002 -0700, costinm@covalent.net wrote:
> > As an aside, setting the logger in the static init method is almost always
> > wrong for a servlet. If the class is living in a jar in lib/apps, then
> only
> > one logger gets created even if the servlet is used in several webapps.
>
>+1
>
>But: if I remember corectly, the TCL is set to either the webapp or to
>the container class loader ( so jasper and other modules can find the
>parser ). In which case a servlet can access the container class loader,
>by using a static field that gets it. This may be a security problem.
Let me just mention that using the TCL to keep track of the context is
just one possible solution. Is there another place that keeps track of
what thread is executing what web-application? Remember that the
ContextRepositorySelector is implemented within the Container. It is
not prevented from doing Container specific tricks. Just a possibility
worth mentioning.
>Costin
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by co...@covalent.net.
On Wed, 26 Jun 2002, Bill Barker wrote:
> I was thinking of adding a preInitCheck and postInitCheck to
> Jdk12Interceptor just to keep it all in one place. (This was the reason to
> have postInitCheck at all).
+1
> As an aside, setting the logger in the static init method is almost always
> wrong for a servlet. If the class is living in a jar in lib/apps, then only
> one logger gets created even if the servlet is used in several webapps.
+1
But: if I remember corectly, the TCL is set to either the webapp or to
the container class loader ( so jasper and other modules can find the
parser ). In which case a servlet can access the container class loader,
by using a static field that gets it. This may be a security problem.
Costin
>
> >
> > Costin
> >
> > >
> > > ----- Original Message -----
> > > From: "Ceki Gülcü" <ce...@qos.ch>
> > > To: "Tomcat Developers List" <to...@jakarta.apache.org>
> > > Sent: Wednesday, June 26, 2002 2:57 PM
> > > Subject: Re: Logging separation
> > >
> > >
> > >
> > > A difficulty I encountered while implementing the solution outlined in
> > > http://qos.ch/containers/sc.html is the difference of TCL while the the
> > > static class initializer of a servlet class is executed and the TCL
> while a
> > > servlet is running. There are two distinct TCLs. (I've tried this on
> Tomcat
> > > 3).
> > >
> > >
> > > At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
> > >
> > >
> > > >Hello,
> > > >
> > > >I have written a short spec on how to achieve separation of logging
> > > >between different web-applications in a Sevlet Container. It is
> > > >available at:
> > > >
> > > > http://qos.ch/containers/sc.html
> > > >
> > > >I would appreciate receiving comments. Thank you,
> > >
> > > --
> > > Ceki
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> > >
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> >
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Ceki Gülcü <ce...@qos.ch>.
At 15:46 26.06.2002 -0700, Bill Barker wrote:
>As an aside, setting the logger in the static init method is almost always
>wrong for a servlet. If the class is living in a jar in lib/apps, then only
>one logger gets created even if the servlet is used in several webapps.
This is an important observation. More generally, for a class that is
used in multiple contexts, the static logger approach won't work
properly.
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Bill Barker <wb...@wilshire.com>.
----- Original Message -----
From: <co...@covalent.net>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Wednesday, June 26, 2002 3:33 PM
Subject: Re: Logging separation
> On Wed, 26 Jun 2002, Bill Barker wrote:
>
> > This is basically the same as
> > <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7654>.
> > If you set the logger in the init() method, it will work. In light of
> > section 2.3.2.2 of the 2.3 servlet spec, this is the only safe place to
do
> > any container-sensitive operations.
>
> Do you think we should set the TCL before calling contextInit or in
> ServetHandler.getServlet() ?
>
I was thinking of adding a preInitCheck and postInitCheck to
Jdk12Interceptor just to keep it all in one place. (This was the reason to
have postInitCheck at all).
As an aside, setting the logger in the static init method is almost always
wrong for a servlet. If the class is living in a jar in lib/apps, then only
one logger gets created even if the servlet is used in several webapps.
>
> Costin
>
> >
> > ----- Original Message -----
> > From: "Ceki Gülcü" <ce...@qos.ch>
> > To: "Tomcat Developers List" <to...@jakarta.apache.org>
> > Sent: Wednesday, June 26, 2002 2:57 PM
> > Subject: Re: Logging separation
> >
> >
> >
> > A difficulty I encountered while implementing the solution outlined in
> > http://qos.ch/containers/sc.html is the difference of TCL while the the
> > static class initializer of a servlet class is executed and the TCL
while a
> > servlet is running. There are two distinct TCLs. (I've tried this on
Tomcat
> > 3).
> >
> >
> > At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
> >
> >
> > >Hello,
> > >
> > >I have written a short spec on how to achieve separation of logging
> > >between different web-applications in a Sevlet Container. It is
> > >available at:
> > >
> > > http://qos.ch/containers/sc.html
> > >
> > >I would appreciate receiving comments. Thank you,
> >
> > --
> > Ceki
> >
> >
> > --
> > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> >
> >
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by co...@covalent.net.
On Wed, 26 Jun 2002, Bill Barker wrote:
> This is basically the same as
> <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7654>.
> If you set the logger in the init() method, it will work. In light of
> section 2.3.2.2 of the 2.3 servlet spec, this is the only safe place to do
> any container-sensitive operations.
Do you think we should set the TCL before calling contextInit or in
ServetHandler.getServlet() ?
Costin
>
> ----- Original Message -----
> From: "Ceki Gülcü" <ce...@qos.ch>
> To: "Tomcat Developers List" <to...@jakarta.apache.org>
> Sent: Wednesday, June 26, 2002 2:57 PM
> Subject: Re: Logging separation
>
>
>
> A difficulty I encountered while implementing the solution outlined in
> http://qos.ch/containers/sc.html is the difference of TCL while the the
> static class initializer of a servlet class is executed and the TCL while a
> servlet is running. There are two distinct TCLs. (I've tried this on Tomcat
> 3).
>
>
> At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
>
>
> >Hello,
> >
> >I have written a short spec on how to achieve separation of logging
> >between different web-applications in a Sevlet Container. It is
> >available at:
> >
> > http://qos.ch/containers/sc.html
> >
> >I would appreciate receiving comments. Thank you,
>
> --
> Ceki
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Bill Barker <wb...@wilshire.com>.
This is basically the same as
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7654>.
If you set the logger in the init() method, it will work. In light of
section 2.3.2.2 of the 2.3 servlet spec, this is the only safe place to do
any container-sensitive operations.
----- Original Message -----
From: "Ceki Gülcü" <ce...@qos.ch>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Wednesday, June 26, 2002 2:57 PM
Subject: Re: Logging separation
A difficulty I encountered while implementing the solution outlined in
http://qos.ch/containers/sc.html is the difference of TCL while the the
static class initializer of a servlet class is executed and the TCL while a
servlet is running. There are two distinct TCLs. (I've tried this on Tomcat
3).
At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
>Hello,
>
>I have written a short spec on how to achieve separation of logging
>between different web-applications in a Sevlet Container. It is
>available at:
>
> http://qos.ch/containers/sc.html
>
>I would appreciate receiving comments. Thank you,
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Ceki Gülcü <ce...@qos.ch>.
At 15:15 26.06.2002 -0700, costinm@covalent.net wrote:
>On Wed, 26 Jun 2002, Ceki Gülcü wrote:
>
>
> > A difficulty I encountered while implementing the solution outlined in
> > http://qos.ch/containers/sc.html is the difference of TCL while the the
> > static class initializer of a servlet class is executed and the TCL
> while a
> > servlet is running. There are two distinct TCLs. (I've tried this on
> Tomcat 3).
>
>That's very strange - Jdk12Interceptor is setting the TCL before
>init/destroy/service, and it should be the same.
I don't know what Jdk12Interceptor is. However, I have clearly observed
that the TCL in use while the code is executing the static class
initializer, as in
private *static* Logger logger = Logger.getLogger();
is different than the TCL in use while executing the servlet init() or
servlet doGet() methods.
One can be easily convinced of this by running the following servlet:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Hi extends HttpServlet {
static {
System.out.println("Hi: static initializer"); System.out.flush();
printTCL();
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
System.out.println("Hi.doGet()"); System.out.flush();
printTCL();
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<html><body>");
out.println("Hi from Hi.");
out.println("</body></html>");
}
static void printTCL() {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
System.out.println("HI: TCL is "+cl); System.out.flush();
}
public void init() {
System.out.println("Hi.init()"); System.out.flush();
printTCL();
}
public void destroy() {
System.out.println("Hi.destroy()"); System.out.flush();
printTCL();
}
}
"Hi" is a trivial servlet but nonetheless instructive.
>What code are you using ?
What I have done was to add the CRS class as it figures in the
specification (i.e. in http://qos.ch/containers/sc.html) into log4j.jar. I
then placed log4j.jar in jre/lib/ext. I also added a
LogManager.setRepositorySelector(new CRS(),..); statement within the
org.apache.tomcat.startup.Main class' main() method. I will be first to
admit this is extremely inelegant but good enough for educational
purposes. (This setup allowed me to ignore the intricacies of Tomcat's
build file.)
>Regarding the document - it looks great.
Thank you.
>One missing part is how the
>JMX part of log4j will name it's objects ( i.e. the Hierarchy must
>have a name ). The container should be able to set this name when
>it creates the hierarchy ( with "vhost:/cpath" for example ).
I agree. There will be a separate JMX document where this will be covered.
>BTW, I will try to implement this at the coyote level, since this
>is likely to be usefull for 3.3, 4.x and 5.0. It will require
>the ADD_CONTEXT callback to work ( that's needed for jk autoconf
>anyway ), and probably few other small changes.
>
>One important issue not covered in the document - the possible
>interaction with the sandbox. If log4j is in the common path,
>it'll probably have high permissions. I assume you don't use
>doPriviledged() in the code, but you probably use some
>queue or similar code - and that may potentially get code to
>be executed with the container permissions, possibly
>allowing untrusted servlets to do bad things.
No, there are no doPriviledged() calls in log4j code. There is indeed a
danger that a bad servlet reconfigures log4j and has log4j write all sorts
of garbage at the wrong places.
>On the same line, it is very likely log4j will not work
>in the sandbox without a doPriviledged() unless the webapps
>have write permission to log/.
>
>Glenn is much better at explaining all this - but it's a serious
>issue.
>
>Costin
Thank you for studying my proposal. I certainly appreciate the interaction.
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.
costinm@covalent.net wrote:
>
> On Wed, 26 Jun 2002, Ceki Gülcü wrote:
>
> > A difficulty I encountered while implementing the solution outlined in
> > http://qos.ch/containers/sc.html is the difference of TCL while the the
> > static class initializer of a servlet class is executed and the TCL while a
> > servlet is running. There are two distinct TCLs. (I've tried this on Tomcat 3).
>
> That's very strange - Jdk12Interceptor is setting the TCL before
> init/destroy/service, and it should be the same.
>
> What code are you using ?
>
> Regarding the document - it looks great. One missing part is how the
> JMX part of log4j will name it's objects ( i.e. the Hierarchy must
> have a name ). The container should be able to set this name when
> it creates the hierarchy ( with "vhost:/cpath" for example ).
>
> BTW, I will try to implement this at the coyote level, since this
> is likely to be usefull for 3.3, 4.x and 5.0. It will require
> the ADD_CONTEXT callback to work ( that's needed for jk autoconf
> anyway ), and probably few other small changes.
>
> One important issue not covered in the document - the possible
> interaction with the sandbox. If log4j is in the common path,
> it'll probably have high permissions. I assume you don't use
> doPriviledged() in the code, but you probably use some
> queue or similar code - and that may potentially get code to
> be executed with the container permissions, possibly
> allowing untrusted servlets to do bad things.
>
> On the same line, it is very likely log4j will not work
> in the sandbox without a doPriviledged() unless the webapps
> have write permission to log/.
>
> Glenn is much better at explaining all this - but it's a serious
> issue.
I like Ceki's proposal. And once the supporting code is in Tomcat I can
run the code with strict permissions and evaluate what changes are
needed so that it works well with the Java SecurityManager.
Regards,
Glenn
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by co...@covalent.net.
On Wed, 26 Jun 2002, Ceki Gülcü wrote:
> A difficulty I encountered while implementing the solution outlined in
> http://qos.ch/containers/sc.html is the difference of TCL while the the
> static class initializer of a servlet class is executed and the TCL while a
> servlet is running. There are two distinct TCLs. (I've tried this on Tomcat 3).
That's very strange - Jdk12Interceptor is setting the TCL before
init/destroy/service, and it should be the same.
What code are you using ?
Regarding the document - it looks great. One missing part is how the
JMX part of log4j will name it's objects ( i.e. the Hierarchy must
have a name ). The container should be able to set this name when
it creates the hierarchy ( with "vhost:/cpath" for example ).
BTW, I will try to implement this at the coyote level, since this
is likely to be usefull for 3.3, 4.x and 5.0. It will require
the ADD_CONTEXT callback to work ( that's needed for jk autoconf
anyway ), and probably few other small changes.
One important issue not covered in the document - the possible
interaction with the sandbox. If log4j is in the common path,
it'll probably have high permissions. I assume you don't use
doPriviledged() in the code, but you probably use some
queue or similar code - and that may potentially get code to
be executed with the container permissions, possibly
allowing untrusted servlets to do bad things.
On the same line, it is very likely log4j will not work
in the sandbox without a doPriviledged() unless the webapps
have write permission to log/.
Glenn is much better at explaining all this - but it's a serious
issue.
Costin
>
>
> At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
>
>
> >Hello,
> >
> >I have written a short spec on how to achieve separation of logging
> >between different web-applications in a Sevlet Container. It is
> >available at:
> >
> > http://qos.ch/containers/sc.html
> >
> >I would appreciate receiving comments. Thank you,
>
> --
> Ceki
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Logging separation
Posted by Ceki Gülcü <ce...@qos.ch>.
A difficulty I encountered while implementing the solution outlined in
http://qos.ch/containers/sc.html is the difference of TCL while the the
static class initializer of a servlet class is executed and the TCL while a
servlet is running. There are two distinct TCLs. (I've tried this on Tomcat 3).
At 17:02 26.06.2002 +0200, Ceki Gülcü wrote:
>Hello,
>
>I have written a short spec on how to achieve separation of logging
>between different web-applications in a Sevlet Container. It is
>available at:
>
> http://qos.ch/containers/sc.html
>
>I would appreciate receiving comments. Thank you,
--
Ceki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>