[jdk11u-dev] RFR: 8051959: Add thread and timestamp options to java.security.debug system property

Andrew John Hughes andrew at openjdk.org
Thu Mar 27 20:28:56 UTC 2025 

On Mon, 17 Feb 2025 16:27:04 GMT, Antonio Vieiro <duke at openjdk.org> wrote:

> Almost clean backport of [JDK-8051959](https://bugs.openjdk.org/browse/JDK-8051959) that adds options to `java.security.debug` to enhance traces with thread, log record and timestamp information, improving traceability and easying troubleshooting, on par with ["The java.security.debug System Property"  in JDK17](https://docs.oracle.com/en/java/javase/17/security/troubleshooting-security.html#GUID-05F3E865-20FF-46EB-AC35-84D4B552CA48) and above, and with 11.0.26-oracle. Low risk.
> 
> Backport is not completely clean because, among other things, [JDK-8292177](https://bugs.openjdk.org/browse/JDK-8292177) was applied differently in 11 (also `HexFormat` is not in 11).
> 
> One of the tests cases had to be changed, since JDK11 does not keep track of [Security#initialSystemProperties](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/src/java.base/share/classes/java/security/Security.java#L68)  and thus searching for [`properties: Initial`](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/test/jdk/sun/security/util/Debug/DebugOptions.java#L50) in the test `stderr` makes no sense. We're searching for `properties: java.security` instead (this is indicated in the github PR).
> 
> Tested on Linux with tier1...
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/hotspot/jtreg:tier1                     1497  1497     0     0   
>    jtreg:test/jdk:tier1                               1899  1899     0     0   
>    jtreg:test/langtools:tier1                         3941  3941     0     0   
>    jtreg:test/nashorn:tier1                              0     0     0     0   
>    jtreg:test/jaxp:tier1                                 0     0     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> ... and security tests ...
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/sun/security                         658   658     0     0   
> ==============================
> TEST SUCCESS

> > One of the tests cases had to be changed, since JDK11 does not keep track of [Security#initialSystemProperties](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/src/java.base/share/classes/java/security/Security.java#L68) and thus searching for [`properties: Initial`](https://github.com/openjdk/jdk17u-dev/blob/fcdcff0e0d6a25de5e1c3bd62ba909774663b0db/test/jdk/sun/security/util/Debug/DebugOptions.java#L50) in the test `stderr` makes no sense. We're searching for `properties: java.security` instead (this is indicated in the github PR).
> 
> This should probably wait until https://bugs.openjdk.org/browse/JDK-8292177 (#2827) has been integrated to avoid this work-around.

Yes, it really only makes sense to do this with [JDK-8292177](https://bugs.openjdk.org/browse/JDK-8292177) & [JDK-8281658](https://bugs.openjdk.org/browse/JDK-8281658) (my motivation for 8292177). In other words, we either allow enhancements in this area or we don't. Trying to patch around the absence of an earlier change makes this change more risky to backport.

I've been waiting for a decision on 8292177 for nearly a year. It would be good if we could decide one way or the other. I've reopened it and can get Martin & Francisco to look at it once the April update is out of the way, but the ultimate decision needs to be made by maintainers.

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2998#issuecomment-2759396396

More information about the jdk-updates-dev mailing list