RFR: 8254711: Add java.security.Provider.getService JFR Event [v2]
Sean Coffey
coffeys at openjdk.org
Mon Sep 19 16:58:43 UTC 2022
On Mon, 19 Sep 2022 16:43:26 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Yes, I think this would generate too much noise and detract from the main motivation for these events, which is to help users analyze the security of algorithms that are being used by their applications at the JCE layer.
>
> Plus one regarding "too much noise". This event is at the Provider.getService() level and would reports all calls regardless the type and algorithm. Crypto services which supports the delayed provider selection may call Provider.getService() to query but may not use all available ones. So, even if the service is returned, it may not be actually used. Just saying.
> Does JFR events support filtering? Or is the expectation of this being a collection of usages and analyze is done separately?
Let's stick to just recording events where a match on service and provider is made then.
The expectation is that analysis would be done post recording. Probably best to reduce the runtime performance impact.
-------------
PR: https://git.openjdk.org/jdk/pull/9657
More information about the core-libs-dev
mailing list