How does simply adding slf4j to the pom.xml wrap log4j? - spring

From what I have seen in example spring pom.xml files is that they add a few entries for slf4j and log4j and somehow when you use log4j in your spring application it will be wrapped by slf4j library.
Can someone explain to me how this magically happens?

Spring still uses commons-logging for all the internal logging (backwards compatibility).
If you wish to use some other logging framework (log4j) then you need to bridge the calls from commons logging to your framework of choice. Otherwise you will have to maintain multiple logging configurations.
slf4j acts as a simple facade for various logging frameworks (jul, log4j, jcl, logback) and allows you to plug in the desired logging framework at deployment time.
Instead of using the logging framework implementation that is imposed by the third party framework you provide the slf4j's bridge implementation that acts like the real thing but really just forwards the logging calls to slf4j or its concrete binding.
Logging section of Maven pom.xml usually looks like this:
<!-- remove the real commons-logging from classpath -->
<!-- declare as provided or exclude from spring jars -->
<dependency>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
<version>1.0</version>
<scope>provided</scope>
</dependency>
<!-- add slf4j interfaces to classpath -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.4</version>
<scope>compile</scope>
</dependency>
<!-- add commons logging to slf4j bridge to classpath -->
<!-- acts as jcl but routes commons-logging calls to slf4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.6.4</version>
<scope>runtime</scope>
</dependency>
<!-- add log4j binding to classpath -->
<!-- routes slf4j calls to log4j -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.6.4</version>
<scope>runtime</scope>
</dependency>
<!-- add log4j to classpath -->
<!-- does the logging -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>
This has nothing to do with the Spring container nor dependency injection, it is pure classpath, classloader stuff...
Please see the following links for further details.

slf4j is a logging API, which doesn't do anything, just bunch of interfaces. log4j is a logging system, with concrete classes. there is a slf4j-log4j library which uses log4j as a backend for the slf4j API.
Some projects explicitly depend on log4j, they call concrete classes. So, you cannot use another backend (e.g. logback or j.u.l or apache commons or whatever) for your project which you wisely made using the slf4j API only.
There is a trick to substitute log4j classes by a mock implementation (the bridge) which just simply redirects all calls to the sl4j. In maven you just declare a dependency with very high version number and this mock considered as ultra-modern log4j library.

try with adding :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>

Related

Autoconfiguation excluded but embedded servlet container is still being used

I've followed all the steps mentioned in the documentation to enable the traditional war deployment for spring boot app i.e excluded the EmbeddedServletContainerAutoConfiguration from the #EnableAutoConfiguration and I only have one such instance. Also extended SpringBootServletInitializer and make sure the packaged war doesnt have any tomcat starter dependency. Also ran the spring boot report and confirmed the EmbeddedServletContainerAutoConfiguration is in the exclusion list.
Apart from all the changes when I deploy the war it is still creating a embedded application context with embedded servlet contatiner.
What did I miss and what other areas can I inspect ? Spring boot version 1.5.13.
>
Hi Veeram,
We do not need to exclude the AutoConfiguration-classes, but excluding the tomcat dependency is needed.
You need to do is omit tomcat starter dependency from pom.xml. It gets pulled from spring-boot-starter-web as a transitive dependency. So, you need to add exclusion for it:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
Now, as you are using <packaging>war</packaging> and using SpringBootServletInitializer, we would need servlet-api dependency on the classpath.
So, add the servlet dependency to your pom.xml
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
Hope this helps!

ERROR:The type org.apache.log4j.Logger cannot be resolved. It is indirectly referenced from required .class files

Trying to upgrade a project from using Camel v2.21.2 to using Camel v2.22.0
This entails going from Spring v4.x to v5.x and from Spring-boot v1.5.x to Spring-boot v2.0.4.RELEASE.
Project uses groovy-all 2.4.15. We are not using log4j in our project, we are using slf4j-api(1.7.25) and logback(1.2.3) in our project. Yet, running a Maven install is giving an error saying that some class is using log4j
When I added log4j(1.2.17) dependency it is working fine but we don't want to add it.
Is there something that can be excluded from the spring-boot starter? Any other solutions? Any hints on how to diagnose the problem?
I think log4j or log4j2 should be in the classpath. Spring Boot v2.0.x has log4j2 added. If log4j2 is not compatible with Camel version. Exclude the log4j2 and add log4j dependency and try . Hope it should work..!
<!-- Exclude Spring Boot's Default Logging -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Add Log4j Dependency -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j</artifactId>
</dependency>

Maven Class path error multiple SLF4J bindings

I have been getting this error while trying to do a MAVEN INSTALL. I tried exclusions, but not sure the where to include in pom file. Let me how and what exclusion tags should i include in my pom file. I am also attaching my pom file snippet where to include the exclusions`SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in
[jar:file:/C:/Users/147188/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in
[jar:file:/C:/Users/147188/.m2/repository/org/apache/logging/log4j/log4j-slf4j-impl/2.10.0/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
explanation. SLF4J: Actual binding is of type
[ch.qos.logback.classic.util.ContextSelectorStaticBinder]
POM file:
<!-- Start of required part to make log4j work -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- End of required part to make log4j work -->
1 Run
mvn dependency:tree
to see which package import org.slf4j
2 keep one, and exclude other
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
Correct way to exclude default logging, and configure log4j for logging.
Add this dependency in Spring Boot project, if it is not already there
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
Refer Spring Logging - How To.
That message indicates that you are bringing in both logback-classic and log4j-slf4j-impl, which both want to be the logging framework for SLF4J to bind to. If you're not sure which dependency is bringing in which other dependencies, I find it very useful to run "mvn dependency:tree" to see the tree of dependencies being used. That should give you enough information to figure out which logging framework binding you need to exclude.
As the documentation that the warning points to you says,
Embedded components such as libraries or frameworks should not declare a dependency on any SLF4J binding but only depend on slf4j-api. When a library declares a compile-time dependency on a SLF4J binding, it imposes that binding on the end-user, thus negating SLF4J's purpose. When you come across an embedded component declaring a compile-time dependency on any SLF4J binding, please take the time to contact the authors of said component/library and kindly ask them to mend their ways.
You pretty much want to exclude all actual logging frameworks from all dependencies, so that the only logging framework being used is the one you've explicitly added. I even often find it useful to set up some maven-enforcer-plugin bannedDependencies rules to ensure that I don't accidentally bring in another logging framework when updating my dependencies. It can also be helpful to use dependencyManagement sections in your POM to ensure that all your dependencies use the same version of slf4j-api.
I ran into same log4j-slf4j multiple binding issue. There are multiple reasons which caused this issue (Struggled a lot for this issue :) ). Please find below comments.
I was using Spring-Boot version 1.4.7, which internally configured with slf4j-1.7.25 version. Below is the url link, where you can find Spring-Boot version and respective module versions.
https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/
It seems when you use "spring-boot-starter" dependency, SB(Spring-Boot) will automatically download all these dependent modules. In my project, i was using slf4j-1.7.21, which created multiple slf4j version issue. In short, SB was not able to identify which slf4j version to use at runtime. So, first I changed my slf4j version to 1.7.25(which is compatible with Spring-Boot version 1.4.7).
Next you need to exclude right module (in my case exclusion of log4j-over-slf4j, logback-classic worked). You need to add below exclusions in all of spring-boot-starter-** module. For Eg : Here I am adding exclusion for spring-boot-starter-data-redis.
Hope this will resolve issue.

Spring Boot logging with Log4j2

Written simple POC to prove and test Spring Boot and log4j2 compatibility. Once successful I will move it to real application.
Please refer my POC source code:
https://github.com/Dennyss/SpringBootLog4j2POC
I know/read about Spring version and log4j2 compatibility from:
How to set up Spring Boot and log4j2 properly?
Found and tried recommendations described here:
Spring-Boot logging with log4j2?
But still not working. The problem is that both application logs and Spring logs are printing to console only.
Please refer maven dependencies below (from POC):
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.6.2</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.6.2</version>
</dependency>
</dependencies>
If I don't exclude Spring's logback and don't add boot-starter-log4j2 then application logs are printing to application file but Spring logs are not printing at all. I feel the problem somewhere with dependencies. Appreciate any help.
According to the Spring Boot Logging documentation, the location of the logging configuration file can be specified using the logging.config property. I noticed that your start.sh script is passing -Dlog4j.configurationFile. Normally, this would be sufficient for direct Log4J 2 integration, but Spring Boot uses logging.config.
After switching to this, it writes to the log files:
java -Dlogging.config=/share/LogPOC/log4j2.xml -cp poc.jar:libs/* com.poc.logger.Application

why is the scope of RestEasy compile in the pom.xml when the container (JBOSS) provides it?

Here is the relevant portion of pom.xml
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson-provider</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec</groupId>
<artifactId>jboss-javaee-all-5.0</artifactId>
<scope>provided</scope>
</dependency>
Why is the scope of resteasy compile (which is default, when none is provided) but that of javax.servlet is provided. I am deploying this on Jboss which ships with resteasy. so shouldn't the scope of resteasy be provided as well?
and btw, I do not see any version mentioned. so what is the default version that gets picked up?
If you are using jboss 7, resteasy-jackson-provider is included, so it would be correct to use a provided scope.
I guess default version is being picked up from a bom declared in the dependencyManagement section of your pom, could that be right?
For older jboss versions, resteasy is not included, so you will have to add the jars to your WEB-INF/lib directory.
Necessary jars can be obtained using maven (compile scope) or check out this link http://www.mastertheboss.com/jboss-frameworks/resteasy/resteasy-tutorial
The RESTEasy API and runtime is provided by newer versions of JBoss. Usually you import a Java EE-spec pom in the dependencyManagaement section and add the needed APIs in the dependency section, e.g for JBoss AS7:
<dependencyManagement>
<dependency>
<groupId>org.jboss.spec</groupId>
<artifactId>jboss-javaee-6.0</artifactId>
<version>3.0.2.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_1.1_spec</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
The runtime will use the JSON-Provider which is found on the classpath. So it makes sense to add them with scope compile to your project. If you want to use Jettison you'd add following to your pom:
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jettison-provider</artifactId>
</dependency>
If you don't add one your application server may provide a default one. JBoss AS7 / Wildfly for instance will use resteasy-jackson-provider if you don't add a provider to the classpath.
JBoss 5 does not provide the JAX-RS libs as far as I know so there it makes sense to add the resteasy-jackson-provider with scope compile.

Resources