RFR: 8254711: Add java.security.Provider.getService JFR Event
Sean Mullan
mullan at openjdk.org
Mon Sep 19 15:55:46 UTC 2022
On Mon, 19 Sep 2022 15:25:43 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> src/java.base/share/classes/java/security/Provider.java line 1293:
>>
>>> 1291: }
>>> 1292:
>>> 1293: if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
>>
>> Would it be useful to generate an event even for the cases where a call to this method was made but no service was available and `null` was returned? The event perhaps could capture that there was no service found for such type/algorithm combination? That would help identify usages in applications where there might be fallbacks being used when this method returns null?
>
> I had this as the original design actually. I'm not sure how interesting it would be to record such "no-service" type events. It would probably add 2-4 times the number of events for this event type to a typical recording, given that the framework iterates over the providers in preferential order.

Yes, I think this would generate too much noise and detract from the main motivation for these events, which is to help users analyze the security of algorithms that are being used by their applications at the JCE layer.
-------------
PR: https://git.openjdk.org/jdk/pull/9657