RFR: 8350689: Turn on timestamp and thread metadata by default for java.security.debug [v3]

Sean Mullan mullan at openjdk.org
Mon Jun 2 19:39:54 UTC 2025 

On Fri, 30 May 2025 14:43:32 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> Removal of the `+thread` and `+timestamp` options that were used to control the logging behavior of output from the `java.security.debug` system property.
>> 
>> 
>> To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from the TLS `javax.net.debug` logs always contains thread and timestamp data.
>> 
>> This patch remove the `+thread` and `+timestamp` support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.
>> 
>> Debug output data from use of the `java.security.debug` property will now resemble something like the following:
>> 
>> 
>> 
>> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> I've also trimmed back on some of the test case coverage since use of `+thread` and `+timestamp` options is now redundant with this patch.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update property doc as per Sean Mullan comment

src/java.base/share/classes/java/security/doc-files/debug-system-property.html line 56:

> 54:     execution. The value of the property is one or more options separated by a
> 55:     comma. Each trace message includes the thread id, timestamp and caller
> 56:     information.

Small comment, but I would list this in the order they are printed: "thread id, caller information, and timestamp".

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25528#discussion_r2121984557

More information about the security-dev mailing list