JDK-6466247 : java.security.debug permission= and codebase= options do not work
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2006-08-31
  • Updated: 2011-03-07
  • Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u2Fixed 7 b03Fixed
Related Reports
Relates :  
Description
The java.security.debug permission=<classname> and codebase=<URL> options do not work. These
options are used with the stack/domain options (see sun.security.util.Debug source code for
more info).

There is a bug in sun.security.util.Debug.marshal - it doesn't properly parse out the permission/codebase names and they always get parsed into lower case so they never match against what the user specifies.
According to my test, when use the "," as separator, the denbug options work, the permission and codebase URL could be properly parsed. However, because a URL maybe contains a ",", need to evaluate the effect of "," in a URL.

Comments
EVALUATION I made some tests on a foo class, and I get the correct result as expected. 1. dump all stack debug with ":' as separator: $ java -Djava.security.manager -Djava.security.debug=access:stack Foo 1>alls.log 2>&1 2. dump all stack debug with ",' as separator: $ java -Djava.security.manager -Djava.security.debug=access,stack Foo 1>all.log 2>&1 3.dump stack debug for java.lang.RuntimePermission $ java -Djava.security.manager -Djava.security.debug=access,stack,permission=java.lang.RuntimePermission Foo 1>run.log 2>&1 4. dump stack debug for java.util.PropertyPermission $java -Djava.security.manager -Djava.security.debug=access,stack,permission=java.util.PropertyPermission Foo 1>prop.log 2>&1 5. dump stack debug for java.net.NetPermission $ java -Djava.security.manager -Djava.security.debug=access,stack,permission=java.net.NetPermission Foo 1>net.log 2>&1 6. dump stack debug for java.lang.reflect.ReflectPermission $ java -Djava.security.manager -Djava.security.debug=access,stack,permission=java.lang.reflect.ReflectPermission Foo 1>ref.log 2>&1 7. dump stack debug for java.io.FilePermission $ java -Djava.security.manager -Djava.security.debug=access,stack,permission=java.io.FilePermission Foo 1>fio.log 2>&1 java file and log files attached.
01-09-2006