Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    smart client with log4j2

    Hi ,
    I am using smartwgt components of version 9.0. We are planning to move to log4j2 so i made all the necessary changes to build the application.Everything like compile,loading the server is fine, but the problems comes from the isomorphic jar's, it is expecting a class org.apache.log4j.spi.RootLogger which is not in the log4j2.so it is not able to send the server push will you please help me regarding this?

    #2
    Hi pankajkumarroy,

    please see this thread and leave your +1 there.

    Best regards
    Blama

    Comment


      #3
      See the Server Logging overview. SmartGWT already supports log4j2 by way of slf4j.

      Comment


        #4
        Hi,
        I tried using the config set up of using sl4j, but still i am getting this exception java.lang.NoClassDefFoundError: org/apache/log4j/spi/RootLogger
        at com.isomorphic.base.Init.<clinit>(Init.java:68)
        at com.isomorphic.servlet.BaseServlet.init(BaseServlet.java:132)
        at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1284)
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)
        at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:864)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:134)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

        Comment


          #5
          The log4j .jars must be there, but this does not mean that you cannot use another logging framework.

          Comment


            #6
            Originally posted by Isomorphic View Post
            The log4j .jars must be there, but this does not mean that you cannot use another logging framework.
            Hello, do you mean even we are using log4j2, we still need keep the log4j 1 jars in the classpath to make smartclient work?

            Comment


              #7
              Yes, that's correct. The presence of the .jar has no impact at runtime except to avoid this error. Later versions will be eliminate the dependency however.

              Comment


                #8
                Originally posted by Isomorphic View Post
                Yes, that's correct. The presence of the .jar has no impact at runtime except to avoid this error. Later versions will be eliminate the dependency however.
                all right, thanks for the clarification.
                BTW, Do we have an idea in which version the dependency will be eliminated, because we see below vulnerability in the log4j jar.
                NVD CVE-2019-17571
                Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

                Comment


                  #9
                  That vulnerability isn't relevant to how we use log4j, whether you use log4j 1.2 or another logging system.

                  Comment


                    #10
                    Originally posted by Isomorphic View Post
                    Yes, that's correct. The presence of the .jar has no impact at runtime except to avoid this error. Later versions will be eliminate the dependency however.
                    hello, we are planning to upgrade our project to smart client 12, is the log4j 1 depencey been removed in the latest sc12?

                    Comment


                      #11
                      Yes, it's been removed since 2015 (version 10.1 and up).

                      Comment

                      Working...
                      X