RFR: 8051959: Option to print thread information in java.security.debug output
Alan Bateman
alanb at openjdk.org
Fri Mar 1 15:28:52 UTC 2024
On Fri, 1 Mar 2024 15:13:49 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and a timestamp information to the output.
>
> examples:
> format without patch :
>
>
> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties: Initial security property: krb5.kdc.bad.policy=tryLast
> keystore: Creating a new keystore in PKCS12 format
>
>
> format with thread info included:
>
>
> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast
> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
>
>
> format with thread info and timestamp:
>
>
> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>
>
> It's a similar format to what can be seen when the TLS (javax.net.debug) debug logging option is in use
>
> current proposal is to keep the thread and timestamp information off (make it opt in)
>
> The extra decorator info is controlled by appending option to each component specified in the `"java.security.debug"` option list.
>
> e.g
>
> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info
>
> -Djava.security.debug=properties+thread+timestamp,keystore would decorate the `properties` component but no decorating performed for the `keystore `component.
src/java.base/share/classes/sun/security/util/Debug.java line 294:
> 292: if (printThreadDetails) {
> 293: retString = toHexString(Thread.currentThread().threadId()) + "|" +
> 294: Thread.currentThread().getName() + "|" + formatCaller();
The thread ID is in decimal in the default string representation of thread, also other diagnostic features such as the new thread dump. So I think you want to change this to "#" + Thread.currentThread().threadId().
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18084#discussion_r1509156817
More information about the security-dev
mailing list