8350689: Turn on timestamp and thread metadata by default for java.security.debug #25528
Conversation
|
👋 Welcome back coffeys! A progress list of the required criteria for merging this PR into |
|
@coffeys This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 21 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
openjdk
bot
changed the title
openjdk
bot
added
csr
Webrevs
|
| "", | ||
| "krb5loginmodule"), | ||
| // thread info only | ||
| // thread and timestamp on by default now |
There was a problem hiding this comment.
"now" will be confusing ten years from now.
| private static Stream<Arguments> patternMatches() { | ||
| return Stream.of( | ||
| // no extra info present | ||
| // thread and timestamp info on by default now |
| // thread info only | ||
| EXPECTED_PROP_REGEX, | ||
| "properties:"), | ||
| // thread and timestamp info on by default now |
|
Looks great. Do you need a CSR? |
Yes - need a reviewer for CSR: https://bugs.openjdk.org/browse/JDK-8358090 Thanks. I've taken Mark's comments on board. I removed the comment referring to default "on" also since there is no concept of on/off for this option anymore. |
|
I added my name as a reviewer to the CSR. The Summary section currently has "This CSR proposes to turn that data on by default". You may just say "turn that data on always". |
| <p> To monitor security access, you can set the <code>java.security.debug</code> | ||
| system property, which determines what trace messages are printed during | ||
| execution. The value of the property is one or more options separated by a | ||
| comma. |
There was a problem hiding this comment.
I suggest we add a sentence to this paragraph noting that each trace message also includes the thread id, timestamp, and caller information.
There was a problem hiding this comment.
Thanks. Added
"Each trace message includes the thread id, timestamp and caller information." to this paragraph
|
What is the behavior if someone had added these options in JDK 23 and is now debugging the same code with JDK 25? Are they ignored? The CSR should also note the behavior. |
I've added this clarification to the CSR:
|
| comma. Each trace message includes the thread id, timestamp and caller | ||
| information. |
There was a problem hiding this comment.
Small comment, but I would list this in the order they are printed: "thread id, caller information, and timestamp".
openjdk
bot
added
ready
|
/integrate |
|
Going to push as commit 42f48a3.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
4 participants
Removal of the
+threadand+timestampoptions that were used to control the logging behavior of output from thejava.security.debugsystem property.To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from the TLS
javax.net.debuglogs always contains thread and timestamp data.This patch remove the
+threadand+timestampsupport code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.Debug output data from use of the
java.security.debugproperty will now resemble something like the following:I've also trimmed back on some of the test case coverage since use of
+threadand+timestampoptions is now redundant with this patch.Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/25528/head:pull/25528$ git checkout pull/25528Update a local copy of the PR:
$ git checkout pull/25528$ git pull https://git.openjdk.org/jdk.git pull/25528/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 25528View PR using the GUI difftool:
$ git pr show -t 25528Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/25528.diff
Using Webrev
Link to Webrev Comment