Skip to content

Commit

Permalink
Merge pull request #8377 from IQSS/ds48-l4j-upgrade
Browse files Browse the repository at this point in the history
Getting rid of log4j1 in the war file
  • Loading branch information
kcondon authored Feb 2, 2022
2 parents fa503b8 + 790fe1f commit eac963e
Show file tree
Hide file tree
Showing 5 changed files with 36 additions and 15 deletions.
2 changes: 1 addition & 1 deletion checkstyle.xml
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@
</module>
-->
<module name="IllegalImport">
<property name="illegalPkgs" value="org.apache.commons.lang"/>
<property name="illegalPkgs" value="org.apache.commons.lang, org.apache.log4j"/>
</module>
<!-- <module name="RedundantImport"/> -->
<!-- <module name="UnusedImports">
Expand Down
36 changes: 30 additions & 6 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@
<payara.version>5.2021.5</payara.version>
<postgresql.version>42.2.19</postgresql.version>
<aws.version>1.11.762</aws.version>
<slf4j.version>1.7.32</slf4j.version>
<slf4j.version>1.7.35</slf4j.version>
<reload4j.version>1.2.18.4</reload4j.version>
<commons.io.version>2.11.0</commons.io.version>
<commons.logging.version>1.2</commons.logging.version>
<commons.lang3.version>3.12.0</commons.lang3.version>
Expand Down Expand Up @@ -223,16 +224,14 @@
<artifactId>slf4j-jdk14</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- In *theory* the log4j12 bridge should not be made convergent, as WE decide which way logs flow.
Libraries should *only* rely on the api package. But sometimes... :-/ -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<artifactId>jul-to-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>

Expand All @@ -253,7 +252,7 @@
<artifactId>slf4j-jdk14</artifactId>
</dependency>

<dependency>
<dependency>
<groupId>org.passay</groupId>
<artifactId>passay</artifactId>
<version>1.6.0</version>
Expand Down Expand Up @@ -573,6 +572,11 @@
<!-- is still buggy. As an experiment, I'm using -->
<!-- a patched version I built locally. -->
<!-- (pull requests pending - L.A. -->
<!-- These locally-built XOAI libraries are still a serious debt -->
<!-- that needs to be addressed. Adding explicit "exclusion" entries -->
<!-- below for the immediate purpose of getting rid of the log4j library -->
<!-- that was being added to the project via these dependencies. (L.A. - Jan. 2022) -->
<!-- (note the reload4j explicitly added below as a replacement! -->
<dependency>
<groupId>com.lyncode</groupId>
<artifactId>xoai-common</artifactId>
Expand All @@ -582,11 +586,31 @@
<groupId>com.lyncode</groupId>
<artifactId>xoai-data-provider</artifactId>
<version>4.1.0-header-patch</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.lyncode</groupId>
<artifactId>xoai-service-provider</artifactId>
<version>4.1.0-header-patch</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- reload4j is a drop-in security patch/replacement for log4j1. -->
<!-- it is here because the XOAI libraries above need it. -->
<!-- (https://reload4j.qos.ch/) -->
<dependency>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>${reload4j.version}</version>
</dependency>
<!-- Added for AutoService -->
<dependency>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,6 @@
import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;

import org.apache.log4j.lf5.LogLevel;

/**
* An EJB capable of executing {@link Command}s in a JEE environment.
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,16 @@
import com.lyncode.xoai.dataprovider.repository.Repository;
import com.lyncode.xoai.services.api.DateProvider;
import com.lyncode.xoai.services.impl.UTCDateProvider;
import org.apache.log4j.Logger;

import static com.lyncode.xoai.dataprovider.parameters.OAIRequest.Parameter.*;

import java.util.logging.Logger;

/**
*
* @author Leonid Andreev
*/
public class XdataProvider {
private static Logger log = Logger.getLogger(XdataProvider.class);
private static Logger log = Logger.getLogger(XdataProvider.class.getCanonicalName());

public static XdataProvider dataProvider (Context context, Repository repository) {
return new XdataProvider(context, repository);
Expand Down Expand Up @@ -59,7 +59,7 @@ public OAIPMH handle (Builder<OAIRequest> builder) throws OAIException {
}

public OAIPMH handle (OAIRequest requestParameters) throws OAIException {
log.debug("Handling OAI request");
log.fine("Handling OAI request");
Request request = new Request(repository.getConfiguration().getBaseUrl())
.withVerbType(requestParameters.get(Verb))
.withResumptionToken(requestParameters.get(ResumptionToken))
Expand Down Expand Up @@ -98,7 +98,7 @@ public OAIPMH handle (OAIRequest requestParameters) throws OAIException {
break;
}
} catch (HandlerException e) {
log.debug(e.getMessage(), e);
log.fine("HandlerException when executing "+request.getVerbType()+": " + e.getMessage());
response.withError(errorsHandler.handle(e));
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
import javax.json.JsonValue;

import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.log4j.lf5.LogLevel;

public class OREMap {

Expand Down

0 comments on commit eac963e

Please sign in to comment.