RFR: 8051959: Add thread and timestamp options to java.security.debug system property [v5]
Sean Coffey
coffeys at openjdk.org
Fri Mar 29 15:14:32 UTC 2024
On Fri, 29 Mar 2024 15:09:50 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> Proposal to improve the `java.security.debug` output so that options exist to add thread ID, thread name, source of log record and a timestamp information to the output.
>>
>> examples:
>> format without patch :
>>
>>
>> properties: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast
>> keystore: Creating a new keystore in PKCS12 format
>>
>>
>> format with thread info included:
>>
>>
>> properties[10|main|Security.java:122]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property: krb5.kdc.bad.policy=tryLast
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in PKCS12 format
>>
>>
>> format with thread info and timestamp:
>>
>>
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>>
>>
>> It's a similar format to what can be seen when the TLS (javax.net.debug) debug logging option is in use
>>
>> current proposal is to keep the thread and timestamp information off (make it opt in)
>>
>> The extra decorator info is controlled by appending option to each component specified in the `"java.security.debug"` option list.
>>
>> e.g
>>
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the `properties` component and also decorates the records with timestamp and thread info
>>
>> -Djava.security.debug=properties+thread+timestamp,keystore would decorate the `properties` component but no decorating performed for the `keystore `component.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
>
> don't assume option string in args
@wangweij found a scenario where the String parsing in the `configureExtras` method may not work as expected. Thanks! Shouldn't assume that option String is contained in `args` String -- "`all`" value has special treatment.
Method patched and test coverage updated
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18084#issuecomment-2027366963
More information about the security-dev
mailing list