-
Bug
-
Resolution: Fixed
-
P2
-
9
The Security Troubleshooting Guide describes the debugging options supported by the java.security.debug system property. It should be updated to include any missing options.
The full set of options is listed by using 'java -Djava.security.debug=help'. For example,
% java -Djava.security.debug=help
all turn on all debugging
access print all checkPermission results
certpath PKIX CertPathBuilder and
CertPathValidator debugging
combiner SubjectDomainCombiner debugging
gssloginconfig
GSS LoginConfigImpl debugging
configfile JAAS ConfigFile loading
configparser JAAS ConfigFile parsing
jar jar verification
logincontext login context results
jca JCA engine class debugging
keystore KeyStore debugging
policy loading and granting
provider security provider debugging
pkcs11 PKCS11 session manager debugging
pkcs11keystore
PKCS11 KeyStore debugging
pkcs12 PKCS12 KeyStore debugging
sunpkcs11 SunPKCS11 provider debugging
scl permissions SecureClassLoader assigns
ts timestamping
The following can be used with access:
stack include stack trace
domain dump all domains in context
failure before throwing exception, dump stack
and domain that didn't have permission
The following can be used with stack and domain:
permission=<classname>
only dump output if specified permission
is being checked
codebase=<URL>
only dump output if specified codebase
is being checked
The following can be used with provider:
engine=<engines>
only dump output for the specified list
of JCA engines. Supported values:
Cipher, KeyAgreement, KeyGenerator,
KeyPairGenerator, KeyStore, Mac,
MessageDigest, SecureRandom, Signature.
The following can be used with certpath:
ocsp dump the OCSP protocol exchanges
Note: Separate multiple options with a comma
The full set of options is listed by using 'java -Djava.security.debug=help'. For example,
% java -Djava.security.debug=help
all turn on all debugging
access print all checkPermission results
certpath PKIX CertPathBuilder and
CertPathValidator debugging
combiner SubjectDomainCombiner debugging
gssloginconfig
GSS LoginConfigImpl debugging
configfile JAAS ConfigFile loading
configparser JAAS ConfigFile parsing
jar jar verification
logincontext login context results
jca JCA engine class debugging
keystore KeyStore debugging
policy loading and granting
provider security provider debugging
pkcs11 PKCS11 session manager debugging
pkcs11keystore
PKCS11 KeyStore debugging
pkcs12 PKCS12 KeyStore debugging
sunpkcs11 SunPKCS11 provider debugging
scl permissions SecureClassLoader assigns
ts timestamping
The following can be used with access:
stack include stack trace
domain dump all domains in context
failure before throwing exception, dump stack
and domain that didn't have permission
The following can be used with stack and domain:
permission=<classname>
only dump output if specified permission
is being checked
codebase=<URL>
only dump output if specified codebase
is being checked
The following can be used with provider:
engine=<engines>
only dump output for the specified list
of JCA engines. Supported values:
Cipher, KeyAgreement, KeyGenerator,
KeyPairGenerator, KeyStore, Mac,
MessageDigest, SecureRandom, Signature.
The following can be used with certpath:
ocsp dump the OCSP protocol exchanges
Note: Separate multiple options with a comma
- duplicates
-
JDK-8058624 Update Security Troubleshooting Guide with the new options for java.security.debug
-
- Closed
-