On Fri, 22 Mar 2024 16:27:38 GMT, Sean Coffey <coff...@openjdk.org> wrote:

>> Proposal to improve the `java.security.debug` output so that options exist 
>> to add thread ID, thread name, source of log record and a timestamp 
>> information to the output.
>> 
>> examples:
>> format without patch :
>> 
>> 
>> properties: Initial security property: 
>> package.definition=sun.misc.,sun.reflect.
>> properties: Initial security property: krb5.kdc.bad.policy=tryLast 
>> keystore: Creating a new keystore in PKCS12 format
>> 
>> 
>> format with thread info included:
>> 
>> 
>> properties[10|main|Security.java:122]: Initial security property: 
>> package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122]: Initial security property: 
>> krb5.kdc.bad.policy=tryLast 
>> keystore[10|main|KeyStoreDelegator.java:216]: Creating a new keystore in 
>> PKCS12 format
>> 
>> 
>> format with thread info and timestamp:
>> 
>> 
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial 
>> security property: package.definition=sun.misc.,sun.reflect.
>> properties[10|main|Security.java:122|2024-03-01 14:59:42.859 UTC]: Initial 
>> security property: krb5.kdc.bad.policy=tryLast
>> 
>> 
>> It's a similar format to what can be seen when the TLS (javax.net.debug) 
>> debug logging option is in use
>> 
>> current proposal is to keep the thread and timestamp information off (make 
>> it opt in)
>> 
>> The extra decorator info is controlled by appending option to each component 
>> specified in the `"java.security.debug"` option list.
>> 
>> e.g 
>> 
>> `-Djava.security.debug=properties+timestamp+thread` turns on logging for the 
>> `properties` component and also decorates the records with timestamp and 
>> thread info
>> 
>> -Djava.security.debug=properties+thread+timestamp,keystore would decorate 
>> the `properties` component but no decorating performed for the `keystore 
>> `component.
>
> Sean Coffey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Remove display name in format output. Simplify config checks. Test updates

Updates pushed to incorporate review comments to date. As mentioned, the CLDR 
JNI issue is triggered via the display name lookup (e.g. "UTC") - we can edit 
the date string format to not include this data. I've removed the early lookup 
workaround code as a result.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18084#issuecomment-2015488223

Reply via email to