JDK-8073976 : Update the Security Troubleshooting Guide to cover latest java.security.debug options
  • Type: Bug
  • Component: docs
  • Sub-Component: guides
  • Affected Version: 9
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-02-26
  • Updated: 2016-04-29
  • Resolved: 2016-04-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9Fixed
Related Reports
Duplicate :  
Description
The Security Troubleshooting Guide describes the debugging options supported by the java.security.debug system property. It should be updated to include any missing options.

The full set of options is listed by using 'java -Djava.security.debug=help'. For example,


    % java -Djava.security.debug=help

    all           turn on all debugging
    access        print all checkPermission results
    certpath      PKIX CertPathBuilder and
                  CertPathValidator debugging
    combiner      SubjectDomainCombiner debugging
    gssloginconfig
                  GSS LoginConfigImpl debugging
    configfile    JAAS ConfigFile loading
    configparser  JAAS ConfigFile parsing
    jar           jar verification
    logincontext  login context results
    jca           JCA engine class debugging
    keystore      KeyStore debugging
    policy        loading and granting
    provider      security provider debugging
    pkcs11        PKCS11 session manager debugging
    pkcs11keystore
                  PKCS11 KeyStore debugging
    pkcs12        PKCS12 KeyStore debugging
    sunpkcs11     SunPKCS11 provider debugging
    scl           permissions SecureClassLoader assigns
    ts            timestamping

    The following can be used with access:

    stack         include stack trace
    domain        dump all domains in context
    failure       before throwing exception, dump stack
                  and domain that didn't have permission

    The following can be used with stack and domain:

    permission=<classname>
                  only dump output if specified permission
                  is being checked
    codebase=<URL>
                  only dump output if specified codebase
                  is being checked

    The following can be used with provider:

    engine=<engines>
                  only dump output for the specified list
                  of JCA engines. Supported values:
                  Cipher, KeyAgreement, KeyGenerator,
                  KeyPairGenerator, KeyStore, Mac,
                  MessageDigest, SecureRandom, Signature.

    The following can be used with certpath:
 
    ocsp          dump the OCSP protocol exchanges

    Note: Separate multiple options with a comma


Comments
The fix is available in Oracle Review: http://review.us.oracle.com/review2/Review.html#reviewId=277252;scope=document;documentId=1163910;noteId=3657656;matchType=tags;matchValue=54726f75626c65;status=closed The fix was reviewed by Sean Mullen
29-04-2016