RFR: 8350689: Turn on timestamp and thread metadata by default for java.security.debug
Weijun Wang
weijun at openjdk.org
Thu May 29 22:38:53 UTC 2025
On Thu, 29 May 2025 19:06:15 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> Removal of the `+thread` and `+timestamp` options that were used to control the logging behavior of output from the `java.security.debug` system property.
>
>
> To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from the TLS `javax.net.debug` logs always contains thread and timestamp data.
>
> This patch remove the `+thread` and `+timestamp` support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.
>
> Debug output data from use of the `java.security.debug` property will now resemble something like the following:
>
>
>
> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>
>
> I've also trimmed back on some of the test case coverage since use of `+thread` and `+timestamp` options is now redundant with this patch.
Looks great. Do you need a CSR?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/25528#issuecomment-2920734129
More information about the security-dev
mailing list