Use log4j in a tomcat with security manager

StackOverflow https://stackoverflow.com/questions/18147885

  •  24-06-2022
  •  | 
  •  

Question

The question is: is it necessary to give read permissions to tomcat-juli.jar for the log4j.properties when you use log4j for tomcat and you are running with security manager? http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j

My ${catalina.base}/conf/catalina.policy

grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {
        .../...
        permission java.io.FilePermission
         "${catalina.base}${file.separator}lib${file.separator}log4j.properties", "read";
        .../...
}

Thanks in advance,

Luis

Was it helpful?

Solution

Tomcat comes by default with a conf/catalina.policy file that covers its default configuration for use under a Java Security Manager. If you want to use log4j, then yes, you will have to allow tomcat-juli.jar to read conf/log4j.properties.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top