Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8358090

Turn on timestamp and thread details by default for java.security.debug

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Unresolved
    • Icon: P4 P4
    • 25
    • security-libs
    • None
    • behavioral
    • minimal
    • The format of debug logs is always subject to change. Not aware of any tooling that needs java.security.debug to follow a particular pattern.
    • System or security property
    • JDK

      Summary

      In JDK 23, JDK-8051959 introduced an option to add thread and timestamp data to the debug java.security.debug system property. This CSR proposes to make changes to emit that data always and remove the +thread and +timestamp options which were used to control the logging behavior.

      Problem

      By default, the thread and timestamp data remains off in the java.security.debug output. To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from TLS javax.net.debug logs always contains thread and timestamp data.

      Solution

      Remove the +thread and +timestamp support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.

      Debug output data from use of the java.security.debug property will now resemble something like the following:

      properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
      properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast

      Specification

      • The system property javadoc document, recently introduced via JDK-8328914, is updated to remove mention of the +thread and +timestamp options.
      • Update the java.security.debug help output to remove mention of the +thread and +timestamp options
      • A release note will accompany this change.
      • Continued use of the +thread and +timestamp options will no longer have impact. The thread and timestamp data is always printed and valid security components used in the java.security.debug property will continue to be logged.

            coffeys Sean Coffey
            coffeys Sean Coffey
            Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: