RFR: 8350689: Turn on timestamp and thread metadata by default for java.security.debug
Mark Powers
mpowers at openjdk.org
Thu May 29 22:08:52 UTC 2025
On Thu, 29 May 2025 19:06:15 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> Removal of the `+thread` and `+timestamp` options that were used to control the logging behavior of output from the `java.security.debug` system property.
>
>
> To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from the TLS `javax.net.debug` logs always contains thread and timestamp data.
>
> This patch remove the `+thread` and `+timestamp` support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.
>
> Debug output data from use of the `java.security.debug` property will now resemble something like the following:
>
>
>
> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>
>
> I've also trimmed back on some of the test case coverage since use of `+thread` and `+timestamp` options is now redundant with this patch.
You might need to append 8350689 to @bug in a few test programs.
test/jdk/sun/security/krb5/auto/LoginModuleDebug.java line 62:
> 60: "",
> 61: "krb5loginmodule"),
> 62: // thread and timestamp on by default now
"now" will be confusing ten years from now.
test/jdk/sun/security/util/Debug/DebugOptions.java line 58:
> 56: private static Stream<Arguments> patternMatches() {
> 57: return Stream.of(
> 58: // thread and timestamp info on by default now
remove "now"
test/jdk/sun/security/util/Debug/DebugOptions.java line 62:
> 60: EXPECTED_PROP_REGEX,
> 61: "properties:"),
> 62: // thread and timestamp info on by default now
remove "now"
-------------
PR Review: https://git.openjdk.org/jdk/pull/25528#pullrequestreview-2879660897
PR Review Comment: https://git.openjdk.org/jdk/pull/25528#discussion_r2114780664
PR Review Comment: https://git.openjdk.org/jdk/pull/25528#discussion_r2114786648
PR Review Comment: https://git.openjdk.org/jdk/pull/25528#discussion_r2114787727
More information about the security-dev
mailing list