JDK-8073955 : Update java.security.debug help text to reflect recent enhancements for debugging
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-02-26
  • Updated: 2016-06-13
  • Resolved: 2015-02-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9 b53Fixed
Related Reports
Relates :  
JDK-8044445 - JEP 229: Create PKCS12 Keystores by Default
Description
The java.security.debug system property controls tracing and debugging output from security classes.

Recent enhancements to support KeyStore, PKCS12 and OCSP debugging are all missing from the help
text emitted by the property:

    % java -Djava.security.debug=help
    
    all           turn on all debugging
    access        print all checkPermission results
    certpath      PKIX CertPathBuilder and
                  CertPathValidator debugging
    combiner      SubjectDomainCombiner debugging
    gssloginconfig
                  GSS LoginConfigImpl debugging
    configfile    JAAS ConfigFile loading
    configparser  JAAS ConfigFile parsing
    jar           jar verification
    logincontext  login context results
    jca           JCA engine class debugging
    policy        loading and granting
    provider      security provider debugging
    pkcs11        PKCS11 session manager debugging
    pkcs11keystore
                  PKCS11 KeyStore debugging
    sunpkcs11     SunPKCS11 provider debugging
    scl           permissions SecureClassLoader assigns
    ts            timestamping
    
    The following can be used with access:
    
    stack         include stack trace
    domain        dump all domains in context
    failure       before throwing exception, dump stack
                  and domain that didn't have permission
    
    The following can be used with stack and domain:
    
    permission=<classname>
                  only dump output if specified permission
                  is being checked
    codebase=<URL>
                  only dump output if specified codebase
                  is being checked
    
    The following can be used with provider:
    
    engine=<engines>
                  only dump output for the specified list
                  of JCA engines. Supported values:
                  Cipher, KeyAgreement, KeyGenerator,
                  KeyPairGenerator, KeyStore, Mac,
                  MessageDigest, SecureRandom, Signature.
    
    Note: Separate multiple options with a comma