Logging in external authentication servlets: advice sought

Cantor, Scott cantor.2 at osu.edu
Mon Feb 25 19:44:58 EST 2013

On 2/25/13 7:26 PM, "Erdos, Marlena" <marlena_erdos at harvard.edu> wrote:

>I see that the IdP (version 2.3.8) has log4j-over-slf4j-1.6.4.jar in its
>lib directory and that the classes in this jar overlap with the classes in
>log4j-1.2.17.jar. That worries me :-).   (Therefore I haven't added the
>log4j*17.jar to the lib directory.)
>What's the right thing to do?

Use slf4j as the API. Actual logging is handled by the back-end plugins to
slf4j, which in the IdP is logback by default.

The shims are there to support jars hardwired to use other APIs like log4j.

>My strong inclination is to keep my logs separate from the IdP's.

That would be a bad idea IMHO.

You can do anything you want to separate your logging on the back-end, but
don't mix logging APIs for no reason.

-- Scott

More information about the users mailing list