RFR: 8051959: Add thread and timestamp options to java.security.debug system property [v3]

Sean Coffey coffeys at openjdk.org
Thu Mar 21 19:44:23 UTC 2024 

On Thu, 21 Mar 2024 19:39:36 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and a timestamp information to the output.
>> 
>> examples:
>> format without patch :
>> 
>> 
>> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info included:
>> 
>> 
>> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info and timestamp:
>> 
>> 
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> It's a similar format to what can be seen when the TLS (javax.net.debug) debug logging option is in use
>> 
>> current proposal is to keep the thread and timestamp information off (make it opt in)
>> 
>> The extra decorator info is controlled by appending option to each component specified in the `"java.security.debug"` option list.
>> 
>> e.g 
>> 
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info
>> 
>> -Djava.security.debug=properties+thread+timestamp,keystore would decorate the `properties` component but no decorating performed for the `keystore `component.
>
> Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 12 additional commits since the last revision:
> 
>  - merge in krb5 debug changes and implement extra functionality. enhance krb5 test
>  - krb5 debug merge
>  - Merge branch 'master' into 8051959-tracing
>  - Move help section higher. Add code comment
>  - more test coverage
>  - unused variable
>  - use default hex output
>  - static dateTimeFormatInitialized
>  - Merge branch 'master' into 8051959-tracing
>  - Holder class idiom
>  - ... and 2 more: https://git.openjdk.org/jdk/compare/7fb32dee...5628bc22

@wangweij 
Updated the PR to incorporate extra changes as a result JDK-8327818 
Would appreciate if you can take a look

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18084#issuecomment-2013508350

More information about the security-dev mailing list