[Esapi-user] Console Logging

Jim Manico jim.manico at owasp.org
Fri Dec 3 12:42:55 EST 2010


Chris,
 
This is overly complex. In the short term, I'd recommend just redirecting System.out and System.err to your logger. You can do this without touching the ESAPI code. In fact, I think this is the final solution so we can close this issue. See:

http://edivad.wordpress.com/2007/02/26/systemout-and-systemerr-over-log4j/

For more information.

-Jim Manico
http://manico.net

On Dec 3, 2010, at 11:24 AM, Chris Schmidt <chris.schmidt at owasp.org> wrote:

> There is no mechanism for doing this at the current time, however – it would seem this would be a fairly standard request (at least to just be able to disable the console logging at startup) 
> 
> Would it be acceptable to disable console logging with an option passed into such as 
> 
> -Desapi.logspecial.enabled=false
> 
> I think we will want this enabled by default, but I agree that there should be a means to turn it off. 
> 
> As for redirecting the output to another logger – it would be possible but it would have to be code that you wrote. Since the logSpecial methods are currently private you would have to write your own implementation. However, it would probably make sense to make the logSpecial methods protected so that a custom implementation could be written which redirects logSpecial calls to some other logger.
> 
> You could do something like this:
> 
> Public class MySecurityConfiguration extends DefaultSecurityConfiguration {
>    @Override
>    protected void logSpecial(String message) {
>       MyLogger.logMessage(message);
>    }
> 
>    @Override
>    protected void logSpecial(String message, Exception e) {
>       MyLogger.logError(e, message);
>    }
> }
> 
> This would be a simple change to make – but like I said, it is dependent on the logSpecial methods being changed to protected scope since they are currently private.
> 
> Either way, to implement this will require changes to the ESAPI DefaultSecurityConfiguration class – can you add your request to the google code issue tracker so we can vote and discuss there?
> 
> On 12/3/10 9:49 AM, "Springett Steven" <sspringett at us.axway.com> wrote:
> 
>   I'm having an issue with logging in esapi.
>  
>  When my application is starting up, it initializes it's logging and does other things, then it loads esapi. The esapi logger is not initialized yet so it dumps a bunch of logging messages to System.out via the logSpecial() method.
>  
>  What I would like is a way to configure esapi to disable console logging or to redirect console logging to another type of object which then could be used by my application that already has it's loggings system initialized.
>  
>  This is the issue that I'm currently having. My server is a console-based app. Startup should look like this:
>  
>  
>  MyApp Service Starting
>    License successfully validated
>    Loading database schemas
>      Database schema being created or updated for MyApp
>  Finished loading database schemas
>  MyApp Service Started
>  
>  Instead, it looks like this:
>  
>  MyApp Service Starting
>    License successfully validated
>    Loading database schemas
>      Database schema being created or updated for MyApp
>  Finished loading database schemas
>  Attempting to load ESAPI.properties via file io.
>  Attempting to load ESAPI.properties via file io.
>  Found in 'org.owasp.esapi.resources' directory: C:\MyApp\conf\esapi\ESAPI.properties
>  Loaded 'ESAPI.properties' properties file
>  Attempting to load validation.properties via file io.
>  Attempting to load validation.properties via file io.
>  Found in 'org.owasp.esapi.resources' directory: C:\MyApp\conf\esapi\validation.properties
>  Loaded 'validation.properties' properties file
>  MyApp Service Started
>  
>  
>  Redirecting System.out and System.err to log4j (what my app uses) prior to esapi loading solves this issue, the problem then is that the last line "MyApp Service Started" never appears, which is critical.
>  
>  --Steve
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
> 
> Chris Schmidt
> ESAPI Project Manager (http://www.esapi.org)
> ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
> Blog: http://yet-another-dev.blogspot.com
> 
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20101203/3417f91b/attachment.html 


More information about the Esapi-user mailing list