I am working on upgrading log4j to log4j2. In that process I am getting a Logger Class cast exception. Below is the error.
Caused by: java.lang.ClassCastException: org.apache.log4j.Logger cannot be cast to org.owasp.esapi.Logger
at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)
at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:75)
at org.owasp.esapi.reference.DefaultValidator.<clinit>(DefaultValidator.java:91)
... 45 more
In my old code( log4j properties file) I see a reference to this Logger. Below is the code that we have in our old code.
log4j.loggerFactory=org.owasp.esapi.reference.Log4JLoggerFactory
Now in log4j2 I am using log4j2.xml file and I didn't find any tag equivalent to that line. Could any please suggest me how to proceed?
Note: I am running my application in JBoss EAP 7
You can switch the logger factory away from the Log4j1 factory in the ESAPI.properties file to something else in order to avoid this error. I haven't tried but I imagine you could create a custom logging factory that uses Log4j2.
The following example will configure ESAPI to use JUL logging, which avoids the ClassCastException:
ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory