RFR: 8268349: Provide more detail in JEP 411 warning messages

Weijun Wang weijun at openjdk.java.net
Tue Jun 8 12:28:16 UTC 2021 

On Tue, 8 Jun 2021 06:11:17 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> More loudly and precise warning messages when a security manager is either enabled at startup or installed at runtime.
>
> src/java.base/share/classes/java/lang/System.java line 331:
> 
>> 329: 
>> 330:     // Remember original System.err. setSecurityManager() warning goes here
>> 331:     private static PrintStream oldErrStream = null;
> 
> I assume this should needs to be volatile and @Stable. I think we need a better name for it too.

Will add the modifiers. How about "originalErr"?

> src/java.base/share/classes/java/lang/System.java line 336:
> 
>> 334:         // Remember callers of setSecurityManager() here so that warning
>> 335:         // is only printed once for each different caller
>> 336:         final static Map<String, Boolean> callersOfSSM = new WeakHashMap<>();
> 
> You can't use a WeakHashMap without synchronization but a big question here is whether a single caller frame is sufficient. If I were doing this then I think I would capture the hash of a number of stack frames to create a better filter.

I thought about that but not sure of performance impact. Is the worst problem that more than one warnings will be printed for a single caller? It's not really harmless.

As for the frame, if the warning message only contain the caller class name and its code source, why is it worth using a key of multiple frames? The message will look the same.

> src/java.base/share/classes/java/lang/System.java line 2219:
> 
>> 2217:                                 WARNING: java.lang.SecurityManager is deprecated and will be removed in a future release
>> 2218:                                 WARNING: -Djava.security.manager=%s will have no effect when java.lang.SecurityManager is removed
>> 2219:                                 """, smProp);
> 
> Raw strings may be useful here but means the lines length are inconsistent and makes it too hard to look at side by side diffs now.

I understand what you mean when I switch to Split View.  While I can extract the lines to a method, I somehow think it's not worth doing because for each type of warning the method is only called once.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4400

More information about the security-dev mailing list