The Spring logging documentation is available here and describes the different logging possibilities. However, something I have not been able to find is the priority of the different configurations. More concretely, in application.properties I enabled logging for showing basic authentication failures by doing:
logging.level.org.springframework.security.web.authentication.www=DEBUG
This works fines and enabled the logs I expect to see. Then I checked if I could override the configuration above via log4j2.xml by including:
<Logger name="org.springframework.security.web.authentication.www" level="ERROR" additivity="false">
<AppenderRef ref="CONSOLE"/>
</Logger>
The change in log4j2.xml did not cause any effect. So my impression is that the logging configuration included in applications.properties takes priority over log4j2.xml (or it is read after). The only note I can see in the documentation that may be related is:
Since logging is initialized before the ApplicationContext is created, it is not possible to control logging from @PropertySources in Spring @Configuration files. The only way to change the logging system or disable it entirely is through System properties.
So my assumption is that the following will happen:
- Logging is configured according to
log4j2.xml. - Spring loads the Application context and then the logging configuration in
application.propertiesis taken and "wins".
So my question is, if someone knows how this is supposed to work without guessing (a link will be appreciated). NOTE: I am interested because I want to be sure that no log4j2.xml will disable the spring-security logging.
Thanks in advance!
CodePudding user response:
application.properties/application.yaml take precedence over log4j2.xml - search for precedence here
Environment variables take precedence over application.properties/application.yaml
A fuller precedence list is here