search

ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
https://owasp.org/www-project-enterprise-security-api/
Other
603 stars 364 forks source link

Issue 710 JUL Respect LogManager Config #744

Closed jeremiahjstacey closed 1 year ago

jeremiahjstacey commented 1 year ago

Closes #710

Updating JUL to check for existing global LogManager configuration prior to applying ESAPI file settings.

Adding tests to verify LogManager Configurations are preferred to the ESAPI configurations.

kwwall commented 1 year ago

Yes, I think so.

On Sun, Oct 9, 2022, 8:23 AM jeremiahjstacey @.***> wrote:

@.**** commented on this pull request.

In src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java https://github.com/ESAPI/esapi-java-legacy/pull/744#discussion_r990782103 :

@@ -48,9 +48,9 @@

  • Options for customizing this configuration (in recommended order)
    2. Consider using the SLF4JLogFactory with a java-logging implementation.
      • Configure java LogManager system properties as defined by the java.util.logging.LogManager API
      • Configure the runtime startup command to set the desired system properties for the java.util.logging.LogManager instance. EG: -Djava.util.logging.config.file=/custom/file/path.properties

@kwwall https://github.com/kwwall Do these updates make the intended difference more clear?

— Reply to this email directly, view it on GitHub https://github.com/ESAPI/esapi-java-legacy/pull/744#pullrequestreview-1135341478, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAO6PG2IP27VPSX2U7AFOF3WCK2MLANCNFSM6AAAAAAQ2PAMNI . You are receiving this because you were mentioned.Message ID: @.***>

kwwall commented 1 year ago

@jeremiahjstacey - Dang, I prematurely did 'Resolve conversation' without getting your feedback. Sorry about that. I guess you we can merge this PR and your can add a link to the Javadoc to the new GitHub wiki page in a separate PR. Or, if you want to add a new commit to that for this PR, let me know. I'll hold off merging this until I hear from you how you wish to handle it.

jeremiahjstacey commented 1 year ago

esapi_java_log_config.md

Thanks for the feedback. I will need to refresh my memory on how to interact with the wiki again -- been a little while for that. I've integrated your suggestion into the content and attached the result (above) for safe-keeping until the wiki integration is complete.

kwwall commented 1 year ago

@jeremiahjstacey - While the 3 of us should be able to manage the GitHub wiki via git, I have found that it is much easier to just manage it directly from GitHub (unless you have massive updates to multiple pages). Just go to https://github.com/ESAPI/esapi-java-legacy/wiki and click on 'New Page', then give that page a title and copy/paste the contents of you .md file into the main wiki description area.

jeremiahjstacey commented 1 year ago

https://github.com/ESAPI/esapi-java-legacy/wiki/Configuration-Reference:-JavaLogFactory

Thanks! That worked great.

Javadoc is updated and pushed, but I can certainly adjust the page name if desired.

kwwall commented 1 year ago

@jeremiahjstacey - The name of the wiki page is fine by me. Merging.