[Esapi-user] Console Logging

Chris Schmidt chris.schmidt at owasp.org
Fri Dec 3 12:24:38 EST 2010


There is no mechanism for doing this at the current time, however ­ it would
seem this would be a fairly standard request (at least to just be able to
disable the console logging at startup)

Would it be acceptable to disable console logging with an option passed into
such as 

-Desapi.logspecial.enabled=false

I think we will want this enabled by default, but I agree that there should
be a means to turn it off.

As for redirecting the output to another logger ­ it would be possible but
it would have to be code that you wrote. Since the logSpecial methods are
currently private you would have to write your own implementation. However,
it would probably make sense to make the logSpecial methods protected so
that a custom implementation could be written which redirects logSpecial
calls to some other logger.

You could do something like this:

Public class MySecurityConfiguration extends DefaultSecurityConfiguration {
   @Override
   protected void logSpecial(String message) {
      MyLogger.logMessage(message);
   }

   @Override
   protected void logSpecial(String message, Exception e) {
      MyLogger.logError(e, message);
   }
}

This would be a simple change to make ­ but like I said, it is dependent on
the logSpecial methods being changed to protected scope since they are
currently private.

Either way, to implement this will require changes to the ESAPI
DefaultSecurityConfiguration class ­ can you add your request to the google
code issue tracker so we can vote and discuss there?

On 12/3/10 9:49 AM, "Springett Steven" <sspringett at us.axway.com> wrote:

>    I'm having an issue with logging in esapi.
>  
>  When my application is starting up, it initializes it's logging and does
> other things, then it loads esapi. The esapi logger is not initialized yet so
> it dumps a bunch of logging messages to System.out via the logSpecial()
> method.
>  
>  What I would like is a way to configure esapi to disable console logging or
> to redirect console logging to another type of object which then could be used
> by my application that already has it's loggings system initialized.
>  
>  This is the issue that I'm currently having. My server is a console-based
> app. Startup should look like this:
>  
>  
>  MyApp Service Starting
>    License successfully validated
>    Loading database schemas
>      Database schema being created or updated for MyApp
>    Finished loading database schemas
>  MyApp Service Started
>  
>  Instead, it looks like this:
>  
>  MyApp Service Starting
>    License successfully validated
>    Loading database schemas
>      Database schema being created or updated for MyApp
>    Finished loading database schemas
>  Attempting to load ESAPI.properties via file io.
>  Attempting to load ESAPI.properties via file io.
>  Found in 'org.owasp.esapi.resources' directory:
> C:\MyApp\conf\esapi\ESAPI.properties
>  Loaded 'ESAPI.properties' properties file
>  Attempting to load validation.properties via file io.
>  Attempting to load validation.properties via file io.
>  Found in 'org.owasp.esapi.resources' directory:
> C:\MyApp\conf\esapi\validation.properties
>  Loaded 'validation.properties' properties file
>  MyApp Service Started
>  
>  
>  Redirecting System.out and System.err to log4j (what my app uses) prior to
> esapi loading solves this issue, the problem then is that the last line "MyApp
> Service Started" never appears, which is critical.
>  
>  --Steve
> 
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user

Chris Schmidt
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
Blog: http://yet-another-dev.blogspot.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20101203/a49dcfad/attachment.html 


More information about the Esapi-user mailing list