As discussed here [1] and here [2], Tomcat needs a set of jarsToScan properties to counteract jarsToSkip properties. General thoughts through the discussions: > First of all, how does it work? The suggestion is: > If jarsToScan matches, scan it > else if jarsToSkip matches, skip it > else scan it > three new system properties > tomcat.util.scan.DefaultJarScanner.jarsToScan > org.apache.catalina.startup.ContextConfig.jarsToScan > org.apache.catalina.startup.TldConfig.jarsToScan Discussions also indicated general support for the need to be able to have different jarsToScan/jarsToSkip settings per web application, possibly in the form of a /WEB-INF/tomcat.[properties | xml] file, or new settings in /META-INF/context.xml. Such a solution could also be used to accomplish the suggestion at bug 52924. [1] http://tomcat.markmail.org/thread/qanw2psjsx32feek [2] http://tomcat.markmail.org/thread/b5jubhriaovypbfy
Of course this is an enhancement. By mad for categorizing it incorrectly. I WOULD argue that the priority on this enhancement is high, but it is still an enhancement.
You can read about the Log4j tag library, available since Log4j 2.0.0-beta5, here: http://logging.apache.org/log4j/2.x/log4j-taglib/index.html. As Log4j 2 approaches its general availability, this is going to start becoming a bigger issue. At the very least, the log4j*.jar exclusion in the stock catalina.properties needs to be removed from Tomcat 7 and 8. Of course, if there were a jarsToScan property as this bug suggests, it could contain a stock *taglib*.jar or log4j-taglib*.jar inclusion that would negate the need to remove log4j*.jar from the exclusions. There was a good deal of discussion about this back on February 21-26, and then it just died. Is there someone willing to pick this up? This is a bigger task than I have the time or Tomcat knowledge to tackle, I'm afraid.
This has been implemented in trunk for Tomcat 8. The changes are non-trivial to back-port. I don't intend proposing a back-port of these changes. The log4j issue can be resolved by a less broad exclusion in jarsToSkip such as log4j-1*.jar (although I note log4j-core.jar shipped with 1.0.x and 1.1.x and is not log4j-2.x specific). I'll leave this open a little while in case someone wants to look at a back port. In not, I'll change the version to 8.0.x and resolve it as fixed.
Created attachment 30562 [details] Patch to keep Log4j 2 JARs from being skipped in Tomcat 7 I've attached a patch to keep the Log4j 2 JARs from being skipped. Can you apply this in trunk and Tomcat 7? Thanks.
Created attachment 30566 [details] Patch to keep Log4j 2 JARs from being skipped in Tomcat 8 The previous patch I attached is sufficient for Tomcat 7. However, it can still result in some unnecessary scanning of Log4j JARs. There's nothing we can do about that in Tomcat 7 without porting this entire change back, but with the new jarsToScan setting in Tomcat 8 we can do this better in trunk. I have attached a second patch, this one for Tomcat 8 (trunk).
As discussed previously, thsi has been fixed for 8.0.x and will not be back-ported to 7.0.x. Nick's patches have been applied.
Excellent. Thanks!