Remove commons-logging dependency properly and switch tutorial sample to logback/slf4j.

core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java

@@ -18,12 +18,8 @@ import java.lang.reflect.Method;
 import java.util.Collection;
 
 import junit.framework.TestCase;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
-import org.springframework.util.StringUtils;
 
 
 /**
@@ -37,7 +33,6 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
     //~ Instance fields ================================================================================================
 
     private SecuredAnnotationSecurityMetadataSource mds = new SecuredAnnotationSecurityMetadataSource();;
-    private Log logger = LogFactory.getLog(SecuredAnnotationSecurityMetadataDefinitionSourceTests.class);
 
     //~ Methods ========================================================================================================
 
@@ -54,10 +49,6 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
 
         assertNotNull(attrs);
 
-        if (logger.isDebugEnabled()) {
-            logger.debug("attrs: " + StringUtils.collectionToCommaDelimitedString(attrs));
-        }
-
         // expect 1 attribute
         assertTrue("Did not find 1 attribute", attrs.size() == 1);
 
@@ -78,10 +69,6 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
 
         assertNotNull(superAttrs);
 
-        if (logger.isDebugEnabled()) {
-            logger.debug("superAttrs: " + StringUtils.collectionToCommaDelimitedString(superAttrs));
-        }
-
         // This part of the test relates to SEC-274
         // expect 1 attribute
         assertEquals("Did not find 1 attribute", 1, superAttrs.size());

gradle/javaprojects.gradle

@@ -13,14 +13,17 @@ slf4jVersion = '1.6.1'
 logbackVersion = '0.9.24'
 
 configurations {
+    // Configuration which is ONLY used for compileJava and will not be inherited by any others
+    // Revisit post Gradle 1.0
+    compileOnly
+    // Used to identify deps whcih should be marked as "provided" in maven poms
     provided
     compile.extendsFrom provided
     compile.transitive = false
 }
 
 dependencies {
-    // We only compile against commons logging. It is excluded from all other configurations
-    compile 'commons-logging:commons-logging:1.1.1'
+    compileOnly 'commons-logging:commons-logging:1.1.1'
 
     compile ("org.springframework:spring-core:$springVersion") {
         exclude(group: 'commons-logging', module: 'commons-logging')
@@ -41,9 +44,10 @@ dependencies {
                 "ch.qos.logback:logback-classic:$logbackVersion"
 }
 
-// Get rid of commons logging
 [configurations.runtime, configurations.default]*.exclude(module: 'commons-logging')
 
+sourceSets.main.compileClasspath += configurations.compileOnly
+
 test {
     onlyIf {
         !project.hasProperty('skipTests')

samples/tutorial/src/main/webapp/WEB-INF/classes/log4j.properties

@@ -1,16 +0,0 @@
-# Global logging configuration
-log4j.rootLogger=DEBUG, stdout
-
-log4j.logger.org.springframework.security=DEBUG
-
-# Console output...
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.conversionPattern=[%p,%c{1}] %m%n
-
-# Rolling log file output...
-log4j.appender.fileout=org.apache.log4j.FileAppender
-log4j.appender.fileout.File=spring-security-tutorial.log
-log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
-log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n
-log4j.appender.fileout.Append=false

samples/tutorial/src/main/webapp/WEB-INF/classes/logback.xml

@@ -0,0 +1,14 @@
+<configuration>
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+  <logger name="org.springframework.security" level="DEBUG"/>
+
+  <root level="INFO">
+    <appender-ref ref="STDOUT" />
+  </root>
+
+</configuration>

samples/tutorial/src/main/webapp/WEB-INF/web.xml

@@ -22,11 +22,6 @@
         </param-value>
     </context-param>
 
-    <context-param>
-        <param-name>log4jConfigLocation</param-name>
-        <param-value>/WEB-INF/classes/log4j.properties</param-value>
-    </context-param>
-
     <context-param>
         <param-name>webAppRootKey</param-name>
         <param-value>tutorial.root</param-value>
@@ -59,10 +54,6 @@
       <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
     </listener>
 
-    <listener>
-        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-    </listener>
-
   <!--
     - Provides core MVC application controller. See contacts-servlet.xml.
     -->

samples/tutorial/tutorial.gradle

@@ -10,14 +10,18 @@ dependencies {
             "org.springframework:spring-beans:$springVersion",
             "org.springframework:spring-web:$springVersion",
             "org.springframework:spring-webmvc:$springVersion",
-            "org.aspectj:aspectjrt:$aspectjVersion"
+            "org.aspectj:aspectjrt:$aspectjVersion",
+            "org.slf4j:slf4j-api:$slf4jVersion"
 
     runtime project(':spring-security-web'),
             project(':spring-security-config'),
             project(':spring-security-taglibs'),
-            'log4j:log4j:1.2.15@jar'
+            "org.slf4j:jcl-over-slf4j:$slf4jVersion",
+            "org.slf4j:slf4j-jdk14:$slf4jVersion",
+            "ch.qos.logback:logback-core:$logbackVersion",
+            "ch.qos.logback:logback-classic:$logbackVersion"
 }
 
 jettyRun {
     contextPath = "/tutorial"
-}
+}