On Fri, 1 Mar 2024 15:25:57 GMT, Alan Bateman <[email protected]> wrote:
>> Proposal to improve the `java.security.debug` output so that options exist
>> to add thread ID, thread name, source of log record and a timestamp
>> information to the output.
>>
>> examples:
>> format without patch :
>>
>>
>> properties: Initial security property:
>> package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast
>> keystore: Creating a new keystore in PKCS12 format
>>
>>
>> format with thread info included:
>>
>>
>> properties[10|main|Security.java:122]: Initial security property:
>> package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property:
>> krb5.kdc.bad.policy=tryLast
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in
>> PKCS12 format
>>
>>
>> format with thread info and timestamp:
>>
>>
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial
>> security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial
>> security property: krb5.kdc.bad.policy=tryLast
>>
>>
>> It's a similar format to what can be seen when the TLS (javax.net.debug)
>> debug logging option is in use
>>
>> current proposal is to keep the thread and timestamp information off (make
>> it opt in)
>>
>> The extra decorator info is controlled by appending option to each component
>> specified in the `"java.security.debug"` option list.
>>
>> e.g
>>
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the
>> `properties` component and also decorates the records with timestamp and
>> thread info
>>
>> -Djava.security.debug=properties+thread+timestamp,keystore would decorate
>> the `properties` component but no decorating performed for the `keystore
>> `component.
>
> src/java.base/share/classes/sun/security/util/Debug.java line 294:
>
>> 292: if (printThreadDetails) {
>> 293: retString = toHexString(Thread.currentThread().threadId())
>> + "|" +
>> 294: Thread.currentThread().getName() + "|" +
>> formatCaller();
>
> The thread ID is in decimal in the default string representation of thread,
> also other diagnostic features such as the new thread dump. So I think you
> want to change this to "#" + Thread.currentThread().threadId().
Thanks Alan. Today, the TLS `javax.net.debug` logging prints the thread ID in
hex format. I was repeating behaviour seen from that impl. Having
`java.security.debug` output in decimal and the other in hex would prove
confusing. We could consider flipping both to decimal format in a follow on
patch.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18084#discussion_r1514781274
