RFR: 8051959: Add decorator options for java.security.debug output [v3]

Sean Coffey coffeys at openjdk.org
Thu Mar 21 19:39:36 UTC 2024 

> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and a timestamp information to the output.
> 
> examples:
> format without patch :
> 
> 
> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties: Initial security property: krb5.kdc.bad.policy=tryLast 
> keystore: Creating a new keystore in PKCS12 format
> 
> 
> format with thread info included:
> 
> 
> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast 
> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
> 
> 
> format with thread info and timestamp:
> 
> 
> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
> 
> 
> It's a similar format to what can be seen when the TLS (javax.net.debug) debug logging option is in use
> 
> current proposal is to keep the thread and timestamp information off (make it opt in)
> 
> The extra decorator info is controlled by appending option to each component specified in the `"java.security.debug"` option list.
> 
> e.g 
> 
> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info
> 
> -Djava.security.debug=properties+thread+timestamp,keystore would decorate the `properties` component but no decorating performed for the `keystore `component.

Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 12 additional commits since the last revision:

 - merge in krb5 debug changes and implement extra functionality. enhance krb5 test
 - krb5 debug merge
 - Merge branch 'master' into 8051959-tracing
 - Move help section higher. Add code comment
 - more test coverage
 - unused variable
 - use default hex output
 - static dateTimeFormatInitialized
 - Merge branch 'master' into 8051959-tracing
 - Holder class idiom
 - ... and 2 more: https://git.openjdk.org/jdk/compare/8ee39e01...5628bc22

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/18084/files
  - new: https://git.openjdk.org/jdk/pull/18084/files/d89308b5..5628bc22

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=18084&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18084&range=01-02

  Stats: 389833 lines in 1609 files changed: 20981 ins; 83675 del; 285177 mod
  Patch: https://git.openjdk.org/jdk/pull/18084.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18084/head:pull/18084

PR: https://git.openjdk.org/jdk/pull/18084

More information about the security-dev mailing list