RFR: 8350689: Turn on timestamp and thread metadata by default for java.security.debug [v2]

Sean Mullan mullan at openjdk.org
Fri May 30 14:28:52 UTC 2025


On Fri, 30 May 2025 08:31:31 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> Removal of the `+thread` and `+timestamp` options that were used to control the logging behavior of output from the `java.security.debug` system property.
>> 
>> 
>> To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from the TLS `javax.net.debug` logs always contains thread and timestamp data.
>> 
>> This patch removes the `+thread` and `+timestamp` support code and prints thread and timestamp data by default. This enhancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.
>> 
>> Debug output data from use of the `java.security.debug` property will now resemble something like the following:
>> 
>> 
>> 
>> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
>> properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> I've also trimmed back on some of the test case coverage since use of `+thread` and `+timestamp` options is now redundant with this patch.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Incorporate review comments from Mark

What is the behavior if someone had added these options in JDK 23 and is now debugging the same code with JDK 25? Are they ignored? The CSR should also note the behavior.

src/java.base/share/classes/java/security/doc-files/debug-system-property.html line 55:

> 53:     system property, which determines what trace messages are printed during
> 54:     execution. The value of the property is one or more options separated by a
> 55:     comma.

I suggest we add a sentence to this paragraph noting that each trace message also includes the thread id, timestamp, and caller information.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/25528#issuecomment-2922548035
PR Review Comment: https://git.openjdk.org/jdk/pull/25528#discussion_r2116024056
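
The trace-line layout quoted above (component, then thread id, thread name, caller and timestamp in brackets), as an added Python example for log triage that is not part of the original message or of the JDK. The field order is inferred from the two sample lines; the `certpath` line, the names `DebugRecord`, `parse_line` and `parse_log`, and the UTC-only timestamp handling are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed sample: the two lines quoted in the message, one constructed line
# whose thread name contains '|', and one line that carries no metadata.
SAMPLE = """\
properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
certpath[0x2a|pool-1|worker|Builder.java:77|2025-05-01 14:59:43.002 UTC]: constructed message
not a debug line
"""

# component[metadata]: message -- metadata ends at the first "]: " on the line.
LINE_RE = re.compile(r"^(?P<component>\w+)\[(?P<meta>.*?)\]: (?P<message>.*)$")

@dataclass
class DebugRecord:
    component: str
    thread_id: int
    thread_name: str
    caller: str
    timestamp: Optional[datetime]  # None when the zone is not "UTC" (assumption)
    message: str

def parse_line(line: str) -> Optional[DebugRecord]:
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        # Thread id is the first field; caller and timestamp are the last two.
        # Whatever is left in the middle is the thread name, which may hold '|'.
        tid, rest = m["meta"].split("|", 1)
        thread_name, caller, ts_raw = rest.rsplit("|", 2)
        thread_id = int(tid, 16)
    except ValueError:
        return None  # too few fields or a non-hex thread id
    ts = None
    if ts_raw.endswith(" UTC"):
        try:
            ts = datetime.strptime(ts_raw[:-4], "%Y-%m-%d %H:%M:%S.%f")
            ts = ts.replace(tzinfo=timezone.utc)
        except ValueError:
            ts = None
    return DebugRecord(m["component"], thread_id, thread_name, caller, ts, m["message"])

def parse_log(text: str) -> list:
    """Return the records for every line that carries the bracketed metadata."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]
```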
