Use log4j in a tomcat with security manager

0
votes

The question is: is it necessary to give read permissions to tomcat-juli.jar for the log4j.properties when you use log4j for tomcat and you are running with security manager? http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j

My ${catalina.base}/conf/catalina.policy

grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {
        .../...
        permission java.io.FilePermission
         "${catalina.base}${file.separator}lib${file.separator}log4j.properties", "read";
        .../...
}

Thanks in advance,

Luis

1
tomcatlog4jsecuritymanager
Have you tried doing it without read permissions? It seems like you could have answered this more quickly by trying it than posting on SO...Christopher Schultz
Hello Chris, of course that I have tried without the permissions. The aim of my question is to find out if my solution is correct or if it is just a workaround.... By the way it does not work without permissions. Anyway thanks for comment!Gaucho

1 Answers

1
votes

Tomcat comes by default with a conf/catalina.policy file that covers its default configuration for use under a Java Security Manager. If you want to use log4j, then yes, you will have to allow tomcat-juli.jar to read conf/log4j.properties.