I have a java application running in an alpine container. I would like to find a reliable way to determine what is the value of networkaddress.cache.ttl. I tried to use this in the code of the application: java.security.Security.getProperty("networkaddress.cache.ttl"); but it always returns null, even when I use -Dnetworkaddress.cache.ttl=30 in the JAVA_OPTS arguments. So I am doing something wrong obviously but I don't know what. According to this
networkaddress.cache.ttl null in openjdk I don't even need to add the argument in JAVA_OPTS because the default value is 30 anyway. Looking at /usr/local/openjdk-8/jre/lib/security/java.security inside the container I can see #networkaddress.cache.ttl=-1 but it is commented out, so I have no idea what the default value is. So how can i reliably check what is the value of networkaddress.cache.ttl?
For reasons unknown to me -Dnetworkaddress.cache.ttl=30 fails to set anything. I managed to set it by adding this to my Dockerfile
sed -i '313,313 s/^#//' /usr/lib/jvm/zulu8-ca/jre/lib/security/java.security
sed -i '313,313 s/-1/30/' /usr/lib/jvm/zulu8-ca/jre/lib/security/java.security
Another way it can be done is described here. The idea is to use another file for overriding the security property.
Both approaches worked fine for me.
According to the [JDK 11 docs](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/doc-files/net-properties.html):
Since these 2 properties are part of the security policy, they are not set by either the -D option or the System.setProperty() API, instead they are set as security properties.
A note from AWS Java SDK uses SecurityProperty instead of SystemProperty as in:
java.security.Security.setProperty("networkaddress.cache.ttl" , "60");
so you could use
String ttl = java.security.Security.getProperty("networkaddress.cache.ttl");
Related
I have my application config have a property like
#Value("#{new Boolean(environment['spring.profiles.active']!='dev')}")
private boolean is24;
Now in two runtime env application-prod where VM variable is set like
-Dspring.profiles.active=prod
and an env application-dev where VM variable is like
-Dspring.profiles.active=dev
but the value of is24 is always coming as true. Any idea how can I fix it?
While I posted a comment how to achieve a goal you might have, this doesn't answer your question, and so here is the answer:
Your Spring Expression is (if working correctly) checking the content of the environment variable spring.profiles.active, while you are setting the active spring profile with a Java system property. Those two do not automatically reflect each other.
You can set the Spring profile both via environment variable and System property, but this is not a general behaviour of environment variables and System properties.
Summary: Id like to alter the way .hprofs are named when automatically created to incorporate machine's hostname + process PID
Long version: According to documentation (https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/clopts001.html) you can pass an option to the VM to create heapdumps under certain conditions (HeapDumpOnOutOfMemoryError), and can further customize this behavior by specifying a different path for the resulting .hprof file. You can change the name/path. What I would like to know is if its possible to make this option (HeapDumpPath) incorporate the hostname+PID to have uniquely named .hprofs (to be saved in a centralized location, but thats another scope). Could it be done? Can HeapDumpPath accept a parameter to get the hostname?
It doesn't look like there are options to inject values into the path. Depending on your shell you should be able to at least insert the hostname. The PID may not be possible since it is created after the process starts. You may be able to use a different variable like the application name though. In bash it would look something like this:
java -XX:+HeapDumpOnOutOfMemoryError -mn256m -mx512m ConsumeHeap -XX:HeapDumpPath=/disk2/dumps/$(hostname)/${APPLICATION_NAME}
Managed to do it just by using the Windows Environment Variable COMPUTERNAME in the wrapper.conf file for that particular Java VM. The full line is:
wrapper.java.additional.32=-XX:HeapDumpPath=./%COMPUTERNAME%.hprof
I've found tons of documentation on how to enable javax.net.debug for SSL, TLS and similar, but even in the reference documentation I've not found how to totally disable it overriding programmatically a previous setting.
My exact problem is that in a Tomcat instance another application performs the following instruction:
System.setProperty("javax.net.debug","all");
and this causes the catalina.out file to rise his dimension quickly and unwanted.
I've already tried to overwrite it from my Java code with the same instruciton, with "none", "off" and "false" values but with no result, still logging a plenty of TLS stuff.
For example in my application I've added this instruction:
System.setProperty("javax.net.debug","none");
but still I'm getting full log.
The problem is that the tomcat application is overwriting whatever value you give from command line, and if there is no way to control what this code is doing, you can't really overwrite it from commandline arguments. While a security manager would be able to prevent setting a property, it can only do so by throwing an exception, which is probably going to cause more issues than it solves.
In this case, your only option is to set the value yourself from code, after the other code sets it.
In case of the javax.net.debug, the option needs to be set to it's final value before the static static initializer of sun.* Debug class runs, which is before the first message would appear. This can be disabled by any value that isn't used as some option (empty string, or none should disable it). If it's set later, it will have no effect with no way to turn it off after the fact (with the exception of doing some bad reflection hacks to access internals of that class anyway, that are only possible with java 8 and earlier)
If there are some VM argument that enable SSL logging try to remove them, in addition you can check eclipse.ini file to see if those arguments are declared there or not.
You can disable it by removing the following from the run configuration in your IDE:
-Djavax.net.debug=all
To anyone who may need this, I set the value to an empty string: System.setProperty("javax.net.debug","");
It worked for me.
I start my java program(Test.java) like this:
java -DMyParam=2 Test
I can change this in code using System.setProperty() but is there any command line tool to change value of MyParam property ?
I tried using VM.set_flag but getting below error, probably because set_flag can set flags not system properties.
XXX#XXX-Air:~/javacode$ jcmd 11441 VM.set_flag MyParam 1
11441:
flag MyParam does not exist
This does not seem possible.
You might be able to change some manageable JVM flags using jinfo (https://docs.oracle.com/javase/8/docs/technotes/tools/unix/jinfo.html) but that command is also experimental and maybe no longer supported in next releases according to Oracle.
No, don't think that is possible. If this is the way you want to go, you would probably have to expose that functionality yourself. Perhaps creating a JMX bean and calling it with jmxterm?
It seems like this should be so easy, but I have been banging my head on it for days.
I have a simple Java web app that uses Jetty embedded in an executable jar, and I am using system properties to define configuration info that I'm keeping separated from the app. I like that I can set system properties on the command line with -D. For example,
java -Dbackend=backend_url -jar ...
Is there a way to set a default value for such a system property?
If you are the one doing the reading of those properties. when you read them you can specify what is their default (in case they were not given via the cmd).
you can read about it here:
link