Re: New API for log level manipulation

Sat, 02 Nov 2024 16:15:38 -0700 

Hi Gary,

On 2.11.2024 23:14, Gary D. Gregory wrote:

In general, talking about API signatures without (pseudo)-Javadoc is not great, 
there is too much wrong for miscommunication or plain old guesing.
FWIW, the JavaDoc is there in my repo[1] together with a short README[2]. I only removed it to shorten my post to `dev@logging`. 


[1] 
https://github.com/ppkarwasz/logging-admin/blob/main/api/src/main/java/org/apache/logging/admin/LoggingConfigurationAdmin.java


[2] https://github.com/ppkarwasz/logging-admin/blob/main/README.adoc


      static LoggingConfigurationAdmin getInstance(Object token,
ClassLoader classLoader);
      static LoggingConfigurationAdmin getInstance(Object token);

Why do I need those AND getLoggerContext()?

I though the point of this interface was a one-stop-shop. What's 
LoggingConfigurationAdmin  doing for me?

...

2. How do we prevent users from abusing this API?

You don't. Or, you don't deliver the JAR with your app. You can't stop users 
from hacking, formally or informally. Reflection is always around the corner to 
boot.



The `token` parameter of `getInstance` is my attempt to limit the abuse 
of the API, by limiting the access to each logger context to the code 
that has access to `token`. This is currently done on a per-logger 
context level, which might explain the `getLoggerContext` method (used 
internally).



Sure, we can not count on a bullet proof mechanism that prevents 
multiple entities from modifying the logger configuration, but we could 
develop a mechanism of discretionary access control. Currently Spring 
Boot modifies the logging configuration even if it is running in a 
Servlet Container with a single Logger Context. We could provide some 
methods that inform Spring Boot of this fact.



4. What should be the lifecycle of this API and where should it live?

KISS 101: Not ANOTHER repo and version numbering system. Match Log4j and be 
done with it. Unless... you want to make this a new component as a sibling to 
Apache Logging Services Log4j: Apache Logging Services Admin.


I guess I want to make this a sibling project.


Once I have integrated all the feedback you have given into the draft, I 
can create a `logging-admin` repo and we can discuss the details in PRs.


Piotr






















					Reply via email to