Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing behavior of logback-access in the modern era #532

Merged
merged 2 commits into from
Aug 19, 2022

Conversation

joakime
Copy link
Contributor

@joakime joakime commented Oct 14, 2021

  • Fixes LOGBACK-1580 to report the proper HttpServletResponse.getStatus() that was used when the response was committed.
  • Works around LOGBACK-1581 in AccessEvent to not fail logging when the HttpServletRequest.getParameterNames() or HttpServletRequest.getParameter(String) methods are used against unread or even bad request objects.
  • Updated Javadoc (needs to be copied over to logback manual though)
  • Must use OpenJDK 1.8 to compile and release.
  • Still compiles to Java 1.6 bytecode for release.

+ Fixes LOGBACK-1580 to report the proper
  HttpServletResponse.getStatus() that was used
  when the response was committed.
+ Works around LOGBACK-1581 in AccessEvent to
  not fail logging when the
    HttpServletRequest.getParameterNames() or
    HttpServletRequest.getParameter(String)
  methods are used against unread or even bad
  request objects.
+ Updated Javadoc (needs to be copied over
  to logback manual though)
+ Must use OpenJDK 1.8 to compile and release.
+ Still compiles to Java 1.6 bytecode for release.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
String key = e.nextElement();
requestParameterMap.put(key, httpRequest.getParameterValues(key));
}
} catch(Throwable t) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Servlet Spec doesn't specify the exceptions that can happen here.
It can be something as simple as an IOException (which is a checked exception) that has to be wrapped in something else.
It can be a parsing issue, it can be a Socket issue, it can be charset issue, etc...

Unlike a normal webapp and how it handles failure, a RequestLog cannot skip its logging.
Ideally, a RequestLog should never call a method that changes the Request or Response state.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, I totally get why you catching ALL exceptions.
My only concern is why are you catching Throwable.

The servlet spec may not specify exceptions that can happen but I bet they still are Exceptions and I really, really doubt it says anywhere you should be prepared for Errors there. Errors are usually reserved for some non-recoverable things that JVM may throw (OOM being a good example).

Catching Exception covers both checked exceptions and unchecked (RuntimeException) but not Errors. Catching Throwable adds these Errors which is not always a good idea. Throwables are rarely caught - most likely as a top-level catch-all things in some frameworks just to log stuff that otherwise would go unnoticed etc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Servlet spec operates on/at the Throwable level, not Exception.

You can map Throwables to Error Page mappings.
You get notified of issue with Async via the AsyncEvent which does it via Throwable.
The WriteListener and ReadListener onError methods are Throwable based.
etc ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's a few things that can happen at the Error level within the Servlet that are non-fatal for the JVM or ServletContext ...

  • XML initialization errors (stream, parser, validation, etc) (endpoint specific)
  • java.io.IOError with non-socket based connections/connectors (like UnixSocket)
  • ServiceLoader and Service provider errors. (endpoint specific)
  • java.nio.Charset encode/decode errors. (request specific)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logging here in RequestLog should not fail for a fault out of its control.

} catch (Exception e) {
// FIXME Why is try/catch required?
e.printStackTrace();
} catch (Throwable t) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto here.

The Servlet Spec doesn't specify the exceptions that can happen here.
It can be something as simple as an IOException (which is a checked exception) that has to be wrapped in something else.
It can be a parsing issue, it can be a Socket issue, it can be charset issue, etc...

Unlike a normal webapp and how it handles failure, a RequestLog cannot skip its logging.
Ideally, a RequestLog should never call a method that changes the Request or Response state.

@zUniQueX
Copy link

@ceki could we get this merged? This prevents updating Jetty to 10.x.x, since logback assumes a method of signature org.eclipse.jetty.http.HttpFields org.eclipse.jetty.server.Response.getHttpFields() instead of org.eclipse.jetty.http.HttpFields$Mutable org.eclipse.jetty.server.Response.getHttpFields() to be provided.

@zUniQueX
Copy link

Any updates on this? This still prevents using recent Jetty versions in combination with Logback

@zUniQueX
Copy link

@ceki After revisiting this, I think this PR is the only solution to use Jetty 10.0.x with Logback.

As mentioned in [Logback-1610] the correct approach to support Jetty 10.0.x would be to use different modules for Jetty 10.0.x and Jetty 11.0.x. But this isn't possible at the moment (see 2ff2d4e). IAccessEvent would have to be provided in two versions and therefore logback-access would completely have to be split into two modules. Additionally, it would require a second module for logback-core, because the ViewStatusMessagesServletBase also depends on classes from the servlet-api package.

So my suggestion would be to provide support for Jetty 10.0.x in the Logback 1.2.x branch and remove it from the 1.3.x series in favor of support for Jetty 11.0.x.

@joakime
Copy link
Contributor Author

joakime commented Aug 17, 2022

I'm out at the moment, I can review this at the end of the month.

@ceki ceki merged commit ca0cf17 into qos-ch:branch_1.2.x Aug 19, 2022
@ceki
Copy link
Member

ceki commented Aug 19, 2022

Merged into master (logback 1.3.0-bata1).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants