-
Enhancement
-
Resolution: Fixed
-
P3
-
1.4.0
-
beta
-
generic
-
generic
It would be nice to support more granularity in the diagnostics output that can be generated with regard to policy evaluation and permission enforcement.
Currently the java.security.debug option is used to turn on policy debug output. However since this produces output for all evaluations the volume of the debug output is large. In server products such as Sun Web Server and App Server the amount of output is overwhelming and customers (internal and external) often give up in frustration while trying to follow it to diagnose problems.
I propose adding built-in capabilities for more granular policy diagnostics. Some possible examples:
- Show call stack and evaluation details only for named permission subtypes. This would be particularly useful for customers who have their own permissions and only care to follow the evaluation details of these.
- Show call stack and evaluation details only if the call stack contains named codesource(s). This would be useful when customer desires to trace the permissions impact of only the code in a given jar file, for instance.
###@###.### 2003-10-29
--
Currently the java.security.debug option is used to turn on policy debug output. However since this produces output for all evaluations the volume of the debug output is large. In server products such as Sun Web Server and App Server the amount of output is overwhelming and customers (internal and external) often give up in frustration while trying to follow it to diagnose problems.
I propose adding built-in capabilities for more granular policy diagnostics. Some possible examples:
- Show call stack and evaluation details only for named permission subtypes. This would be particularly useful for customers who have their own permissions and only care to follow the evaluation details of these.
- Show call stack and evaluation details only if the call stack contains named codesource(s). This would be useful when customer desires to trace the permissions impact of only the code in a given jar file, for instance.
###@###.### 2003-10-29
--