RFR: 8051959: Add decorator options for java.security.debug output [v2]

Bernd duke at openjdk.org
Fri Mar 15 11:55:40 UTC 2024 

On Thu, 7 Mar 2024 11:57:07 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and a timestamp information to the output.
>> 
>> examples:
>> format without patch :
>> 
>> 
>> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info included:
>> 
>> 
>> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info and timestamp:
>> 
>> 
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> It's a similar format to what can be seen when the TLS (javax.net.debug) debug logging option is in use
>> 
>> current proposal is to keep the thread and timestamp information off (make it opt in)
>> 
>> The extra decorator info is controlled by appending option to each component specified in the `"java.security.debug"` option list.
>> 
>> e.g 
>> 
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info
>> 
>> -Djava.security.debug=properties+thread+timestamp,keystore would decorate the `properties` component but no decorating performed for the `keystore `component.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   use default hex output

src/java.base/share/classes/sun/security/util/Debug.java line 294:

> 292:         if (printThreadDetails) {
> 293:             retString = "0x" + Long.toHexString(
> 294:                     Thread.currentThread().threadId()).toUpperCase(Locale.ROOT) +

mmhh.. i can understand the desire to unify casing, but maybe changing the other logs to use javas default casing for hex (instead of changing it here) makes the code faster and better to read?
(Not sure if StringBuilder optimization (including starting with [) would be worth the complication)

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18084#discussion_r1526169704

More information about the security-dev mailing list