Feedback on the Log4J2 hack in Spring Boot

Last week, I wrote a post that described how to hack the Maven dependency resolution system. I admit it was a dirty hack, it’s even in the post name.

But I got it wrong. Thanks Stéphane Nicoll for pointing it out:

Even though I linked the documentation, I misread it. Here’s my mea culpa.

As Stéphane states, you can exclude the default dependency from the parent spring-boot-starter starter:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter</artifactId>
  <exclusions>
    <exclusion>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-logging</artifactId>
    </exclusion>
  </exclusions>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>

Enter fullscreen mode Exit fullscreen mode

Let’s check the mvn dependency:tree output:

[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.4.1:compile          // 2
[INFO] |  +- org.springframework.boot:spring-boot:jar:2.4.1:compile
[INFO] |  |  \- org.springframework:spring-context:jar:5.3.2:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.4.1:compile
[INFO] |  +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] |  +- org.springframework:spring-core:jar:5.3.2:compile
[INFO] |  |  \- org.springframework:spring-jcl:jar:5.3.2:compile
[INFO] |  \- org.yaml:snakeyaml:jar:1.27:compile
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.4.1:compile   // 1
[INFO] |  +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.13.3:compile
[INFO] |  |  +- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] |  |  \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] |  +- org.apache.logging.log4j:log4j-core:jar:2.13.3:compile
[INFO] |  +- org.apache.logging.log4j:log4j-jul:jar:2.13.3:compile
[INFO] |  \- org.slf4j:jul-to-slf4j:jar:1.7.30:compile
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:2.4.1:compile // 2
[INFO] |  +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.4.1:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-actuator:jar:2.4.1:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.11.3:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.11.3:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.11.3:compile
[INFO] |  |  \- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.11.3:compile
[INFO] |  \- io.micrometer:micrometer-core:jar:1.6.2:compile
[INFO] |     +- org.hdrhistogram:HdrHistogram:jar:2.1.12:compile
[INFO] |     \- org.latencyutils:LatencyUtils:jar:2.0.3:runtime

Enter fullscreen mode Exit fullscreen mode

1. The Log4J2 starter is present as expected
2. None of the starters brings in the SLF4J dependency

Besides that specific point, there are a couple of unrelated lessons:

1. Remember to check the documentation
2. Remember to check the documentation once more
3. Be surrounded by people who are willing to help correct you
4. Admit when you’re wrong
5. Most importantly, it’s less damaging to your pride to ask for feedback before posting than to publish such a fixing post after

To go further:

• Configure Log4j for Logging

Originally published at A Java Geek on December 20^th 2020

原文链接：Feedback on the Log4J2 hack in Spring Boot