Use log4j in a tomcat with security manager

Question

The question is: is it necessary to give read permissions to tomcat-juli.jar for the log4j.properties when you use log4j for tomcat and you are running with security manager? http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j

My ${catalina.base}/conf/catalina.policy

grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {
        .../...
        permission java.io.FilePermission
         "${catalina.base}${file.separator}lib${file.separator}log4j.properties", "read";
        .../...
}

Thanks in advance,

Luis

Have you tried doing it without read permissions? It seems like you could have answered this more quickly by trying it than posting on SO... — Christopher Schultz, Aug 10 '13 at 13:15
Hello Chris, of course that I have tried without the permissions. The aim of my question is to find out if my solution is correct or if it is just a workaround.... By the way it does not work without permissions. Anyway thanks for comment! — Gaucho, Aug 12 '13 at 07:40

score 1 · Accepted Answer · answered Aug 17 '13 at 12:23

1

Tomcat comes by default with a conf/catalina.policy file that covers its default configuration for use under a Java Security Manager. If you want to use log4j, then yes, you will have to allow tomcat-juli.jar to read conf/log4j.properties.

answered Aug 17 '13 at 12:23

Christopher Schultz

20,221
9
60
77

Use log4j in a tomcat with security manager

1 Answers1