harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexey Varlamov (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-2400) [security] security debugging feature is desirable
Date Mon, 04 Dec 2006 06:26:21 GMT
[security] security debugging feature is desirable

                 Key: HARMONY-2400
                 URL: http://issues.apache.org/jira/browse/HARMONY-2400
             Project: Harmony
          Issue Type: Wish
          Components: Classlib
            Reporter: Alexey Varlamov
            Priority: Trivial

The RI provides debug tracing support for JSA/JAAS/JSSE, which can be turned on 
via system keys. Though this valueable provision is not documented, it is of 
sort "nice to have" features.
Here is detailed description (see also [1], [2]):
Debug tracing support is enabled and controlled through system properties which 
can be set either programmatically or via the command line. 
Values can be separated by a delimiter, such as a comma. The delimiter is not 
required, but does enhance readability. 
The following keys are recognized:
1) For JSA/JAAS, the system property java.security.debug with the following 
    all -- turn on all debugging (equivalent to setting all of the modifiers 
    access -- print all checkPermission results
    combiner -- SubjectDomainCombiner debugging
    jar -- jar verification
    logincontext -- login context results
    policy -- loading and granting
    provider -- security provider debugging
    scl -- permissions SecureClassLoader assigns
    The following can be used with access:
        stack -- include stack trace
        domain -- dumps all domains in context
        failure -- before throwing exception, dump stack and domain that didn't 
have permission
2) For JSSE (Java Secure Sockets Extension) the system property javax.net.debug 
with the following values: 
    all -- turn on all debugging (equivalent to setting all of the modifiers 
    ssl -- turn on ssl debugging
    The following can be used with ssl:
        record -- enable per-record tracing
        handshake -- print each handshake message
        keygen -- print key generation data
        session -- print session activity
        defaultctx -- print default SSL initialization
        sslctx -- print SSLContext tracing
        sessioncache -- print session cache tracing
        keymanager -- print key manager tracing
        trustmanager -- print trust manager tracing

        handshake debugging can be widened with:
            data         hex dump of each handshake message
            verbose      verbose handshake message printing

        record debugging can be widened with:
            plaintext    hex dump of record plaintext

[1] http://www.oreilly.com/catalog/javasec2/chapter/ch01.html
[2] http://java.sun.com/developer/onlineTraining/Security/Fundamentals/Security.html

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message