Chris,

The custom access logging for the 'r' pattern was mainly to skip (or mask 
appropriately)  logging of query parameters which contained sensitive 
information for certain requests. (Tomcat in these cases acted like the proxy 
which does the authentication and forwards request as is to a legacy 
sub-system).

Also, thank you all for addressing the package private constructor issue in 
10.1.57.

Thanks,
Amit


________________________________
From: Christopher Schultz <[email protected]>
Sent: Thursday, July 2, 2026 9:09 PM
To: [email protected] <[email protected]>
Subject: Re: Tomcat 10.1.56: Extending RequestElement no longer works!

Amit,

On 6/23/26 6:41 PM, Amit Pande via users wrote:
> Thank you for the response, Chris!
>
> Below is the structure of custom access log valve:
>
> // Custom access log valve
>
> public class CustomAccessLogValve extends AccessLogValve {
>
>        @Override
>        protected AccessLogElement createAccessLogElement(char pattern) {
>            if (pattern == 'r') {
> // custom request element
>                return new CustomRequestElement();
>            }
>            return super.createAccessLogElement(pattern);
>        }
>
>   protected static class CustomRequestElement extends RequestElement {
>
>    @Override
>           public void addElement(CharArrayWriter buf, Date date, Request 
> request, Response response, long time) {
>              }
>   }
> }

Gotcha. I'm curious ... what is your 'r' pattern handled doing? Is it
something we could add upstream so you don't have to deal with it?

It looks like the constructor is now public and will be available in the
next Tomcat releases.

-chris

> ________________________________
> From: Rémy Maucherat <[email protected]>
> Sent: Tuesday, June 23, 2026 5:22 PM
> To: Tomcat Users List <[email protected]>
> Subject: Re: Tomcat 10.1.56: Extending RequestElement no longer works!
>
> On Tue, Jun 23, 2026 at 10:52 PM Christopher Schultz
> <[email protected]> wrote:
>>
>> Amit,
>>
>> On 6/23/26 2:01 PM, Amit Pande via users wrote:
>>> Hello,
>>>
>>> protected static class RequestElement implements AccessLogElement {
>>>
>>> /**
>>> * Constructs a new RequestElement.
>>> */
>>> RequestElement() {
>>>
>>>
>>> Javadoc fixes and improvements · 
>>> apache/tomcat@53c8f1e<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fcommit%2F53c8f1ef59cb2bd1f03b7348b59263bfe3738550%23diff-2a57b3aba46c5951ddee8deb44f6e415f08899734b938fd114ceb7ffc1a4df14&data=05%7C02%7Camit.pande%40cohesity.com%7Cf254f2e428f444e32d5108ded8a85a0c%7Cb3c5c12c459546ac9b80e6d7b886903f%7C0%7C0%7C639186414751446701%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=zQAlxZU1pc%2BmsB9sTzZ3T8SdLhsrGmx7YnAySj4qy5c%3D&reserved=0>
>>>
>>> In 10.1.56, above change has caused breakage in code extending from 
>>> RequestElement .
>>>
>>>
>>>            error: RequestElement() is not public in RequestElement; cannot 
>>> be accessed from outside package
>>>
>>>
>>> Is this change intentional? If yes, what is the recommended alternate?
>>
>> This is a protected class. How (exactly) are you using it in your code?
>
> This is a bit random. Some of the constructors are public, others
> protected, and now I added some package ones (not very fun, should be
> either public or protected).
>
> Rémy
>
>> I'd like to see the code you have and the declaration of the enclosing
>> class(es).
>>
>> -chris
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to