RFR: 8051959: Add thread and timestamp options to java.security.debug system property [v4]

Sean Coffey coffeys at openjdk.org
Fri Mar 22 16:47:25 UTC 2024


On Fri, 22 Mar 2024 16:27:38 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and timestamp information to the output.
>> 
>> Examples:
>> format without patch:
>> 
>> 
>> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info included:
>> 
>> 
>> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info and timestamp:
>> 
>> 
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> It's a similar format to what can be seen when the TLS (`javax.net.debug`) debug logging option is in use.
>> 
>> The current proposal is to keep the thread and timestamp information off (make it opt-in).
>> 
>> The extra decorator info is controlled by appending an option to each component specified in the `"java.security.debug"` option list.
>> 
>> e.g.
>> 
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info.
>> 
>> `-Djava.security.debug=properties+thread+timestamp,keystore` would decorate the `properties` component, but no decorating is performed for the `keystore` component.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove display name in format output. Simplify config checks. Test updates

Updates pushed to incorporate review comments to date. As mentioned, the CLDR JNI issue is triggered via the display name lookup (e.g. "UTC") - we can edit the date string format to not include this data. I've removed the early lookup workaround code as a result.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18084#issuecomment-2015488223
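
For anyone ingesting this output into log tooling, the following added example (not code from the JDK or from this pull request) parses the plain and decorated record layouts quoted above, plus the `component+decorator` option syntax. The names `parse_line`, `parse_debug_option` and `Record` are hypothetical, and the timestamp field is kept as an opaque string because this revision changes its layout.

```python
import re
from typing import NamedTuple, Optional

# Decorated layout quoted in the proposal:
#   component[threadId|threadName|File.java:line(|timestamp)]: message
# Assumption: thread names contain neither '|' nor ']'.
_DECORATED = re.compile(r"^(?P<comp>[\w.]+)\[(?P<meta>[^\]]+)\]: (?P<msg>.*)$")
_PLAIN = re.compile(r"^(?P<comp>[\w.]+): (?P<msg>.*)$")

class Record(NamedTuple):
    component: str
    message: str
    thread_id: Optional[int] = None
    thread_name: Optional[str] = None
    source_file: Optional[str] = None
    source_line: Optional[int] = None
    timestamp: Optional[str] = None  # opaque: not parsed into a datetime

def parse_line(line: str) -> Optional[Record]:
    """Parse one debug record; return None if it fits neither layout."""
    line = line.rstrip()
    m = _DECORATED.match(line)
    if m:
        fields = m.group("meta").split("|")
        if len(fields) not in (3, 4) or not fields[0].isdigit():
            return None
        src_file, sep, src_line = fields[2].rpartition(":")
        if not sep or not src_line.isdigit():
            return None
        ts = fields[3] if len(fields) == 4 else None
        return Record(m.group("comp"), m.group("msg"), int(fields[0]),
                      fields[1], src_file, int(src_line), ts)
    m = _PLAIN.match(line)
    return Record(m.group("comp"), m.group("msg")) if m else None

def parse_debug_option(value: str) -> dict:
    """Map each component in a java.security.debug value to its decorators."""
    components = {}
    for item in value.split(","):
        name, *decorators = item.strip().split("+")
        if name:
            components[name] = set(decorators)
    return components
```

Because decorators attach per component, a single log stream can mix plain and decorated records, so a parser has to accept both layouts.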
