Monitoring Java Application Security with JDK Tools and JFR Events
0 likes220 views
The document discusses monitoring Java application security using JDK tools and JDK Flight Recorder (JFR) events to track various aspects of the JVM and application state. It outlines key JFR event components and provides examples of monitoring setups, including passive and active monitoring methods with example code snippets. Additionally, it offers useful links for further reading on JFR and related topics.
![Local Demo Setup Overview
Running TicTacToe locally
Monitor with JDK tools
Spring Boot application
with JDK 23
Keystore
Truststore
Client Certificate #local.ext file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = springboot
IP.1 = 127.0.0.1](https://image.slidesharecdn.com/monitoringjavaapplicationsecuritywithjdktoolsandjfrevents-241106120131-0ac5d3d5/85/Monitoring-Java-Application-Security-with-JDK-Tools-and-JFR-Events-5-320.jpg)
![The jfr scrub Command
• Filter data from the specified recording file.
jfr scrub [filters] [recording-file] [output-file]
• Supply which events to include.
jfr scrub --include-events jdk.FileRead,jdk.FileWrite
• Include a category and exclude events.
jfr scrub --include-categories GC* --exclude-events jdk.GCLocker
• Remove all events by category: jfr scrub --exclude-categories GC*
[JFR scrub recording data— JDK-8281175]](https://image.slidesharecdn.com/monitoringjavaapplicationsecuritywithjdktoolsandjfrevents-241106120131-0ac5d3d5/85/Monitoring-Java-Application-Security-with-JDK-Tools-and-JFR-Events-6-320.jpg)
Monitoring Java Application Security with JDK Tools and JFR Events
- 1. Monitoring Java Application Security with JDK Tools & JFR Events #jfall
- 2. Hello! I am Ana
- 3. JDK Flight Recorder(JFR) Events When running a Java application, JFR can collect events that occur in the JVM. JFR Events express the state of the application and underlying JVM. For profiling, store event data in a .jfr file. Timestamp Duration ThreadID Stack Trace ID Event Specific Payload JFR Event Components Event ID
- 4. JFR Security Events Name Goal Backporte d To Enabl ed By De fault* jdk.SecurityPropertyModification Records calls to Security.setProperty(String key, String value). Oracle JDK 11.0.5 and 8u231 No jdk.TLSHandshake Keeps track of TLS handshake activity. Oracle JDK 11.0.5 and 8u231 No jdk.X509Certificate Records details of X.509 Certificates. Oracle JDK 11.0.5 and 8u231 No jdk.X509Validation Records details of X.509 certificates negotiated in successful X.509 validation. Oracle JDK 11.0.5 and 8u231 No jdk.InitialSecurityProperty For insights on initial JDK security properties. Oracle JDK 17.0.7 and 11.0.20 Yes jdk.SecurityProviderService Records service provider method invocations. JDK 17.0.8, 11.0.22 and 8u391 No * In default.jfc and profile.jfc shipped within a JDK
- 5. Local Demo Setup Overview Running TicTacToe locally Monitor with JDK tools Spring Boot application with JDK 23 Keystore Truststore Client Certificate #local.ext file authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = springboot IP.1 = 127.0.0.1
- 6. The jfr scrub Command • Filter data from the specified recording file. jfr scrub [filters] [recording-file] [output-file] • Supply which events to include. jfr scrub --include-events jdk.FileRead,jdk.FileWrite • Include a category and exclude events. jfr scrub --include-categories GC* --exclude-events jdk.GCLocker • Remove all events by category: jfr scrub --exclude-categories GC* [JFR scrub recording data— JDK-8281175]
- 7. Continuous Monitoring in the Cloud
- 8. Active Monitoring Out of Process String host = "com.example"; int port = 1099; String url = "service:jmx:rmi:///jndi/rmi://" + host + ":" + port + "/jmxrmi"; JMXServiceURL u = new JMXServiceURL(url); JMXConnector c = JMXConnectorFactory.connect(new JMXServiceURL(url)); MBeanServerConnection connection = c.getMBeanServerConnection(); try (var stream = new RemoteRecordingStream(connection)) { stream.enabled("jdk.X509Certificate").withStackTrace(); stream.onEvent("jdk.X509Certificate", System.out::println), stream.start(); }
- 9. Passive Monitoring Out of Process CompositeMeterRegistry metricsRegistry = Metrics.globalRegistry; Path path = Path.of("/repository/2024_09_16_09_48_31_6185"); try (var es = EventStream.openRepository(path)) { es.enabled("jdk.X509Certificate").withStackTrace(); es.onEvent("jdk.X509Validation", recordedEvent -> { Gauge.builder("jdk.X509Validation", recordedEvent, e -> e.getLong("validationCounter")) .description("X509 Certificate Validation Gauge") .register(metricsRegistry); }); es.start(); }
- 10. Stream JFR Events Actively, Within Process CompositeMeterRegistry metricsRegistry = Metrics.globalRegistry; try (var es = new RecordingStream()) { es.onEvent("jdk.X509Validation", recordedEvent -> { Gauge.builder("jdk.X509Validation", recordedEvent, e -> e.getLong("validationCounter")) .description("X509 Certificate Validation Gauge") .register(metricsRegistry); }); es.start(); } catch (IOException e) { throw new RuntimeException("Couldn't process event", e); }
- 11. Stream JFR Events Passively, Within Process CompositeMeterRegistry metricsRegistry = Metrics.globalRegistry; try (var es = EventStream.openRepository()) { es.onEvent("jdk.X509Validation", recordedEvent -> { Gauge.builder("jdk.X509Validation", recordedEvent, e -> e.getLong("validationCounter")) .description("X509 Certificate Validation Gauge") .register(metricsRegistry); }); es.start(); } catch (IOException e) { throw new RuntimeException("Couldn't process event", e); }
- 12. Evolving the Demo Setup Oracle Cloud Run podman compose with TicTacToe in Oracle Cloud Instance Monitor with JDK tools Spring Boot application with JDK 23 Keystore Player Monitoring tool (Prometheus) Configuration Volume Volume Java Management Service
- 13. Let’s play and Observe!
- 14. Stay Tuned For More! Inside.java Dev.java youtube.com/java
- 15. Useful links • Monitoring Java Application Security with JDK tools and JFR Events: https://dev.java/learn/security/monitor/ • Stack Walker ep 2 on JFR https://inside.java/2023/05/14/stackwalker-02/ • Introduction to JDK Mission Control: https://youtu.be/7-RKyp05m8M • JMC9 – What’s new?: https://youtu.be/KzWwGSRxIi4 • Continuous monitoring with JDK Flight Recorder: https://www.infoq.com/presentations/monitoring-jdk-jfr/ • Code used during demo: https://github.com/ammbra/tictactoe • OCI Instance installation: https://inside.java/2024/07/16/build-oci-instance-with-java-concepts/ • Compose files in OCI: https://docs.oracle.com/en/learn/podman-compose/index.html#confirm-podman-compose-is-working • More articles on Java Management Service: https://inside.java/tag/cloud • Gunnar Morling’s article on custom JFR events: https://www.morling.dev/blog/rest-api-monitoring-with-custom-jdk-flight- recorder-events/