You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Alexey Varlamov (JIRA)" <ji...@apache.org> on 2006/12/04 07:26:21 UTC
[jira] Created: (HARMONY-2400) [security] security debugging
feature is desirable
[security] security debugging feature is desirable
--------------------------------------------------
Key: HARMONY-2400
URL: http://issues.apache.org/jira/browse/HARMONY-2400
Project: Harmony
Issue Type: Wish
Components: Classlib
Reporter: Alexey Varlamov
Priority: Trivial
The RI provides debug tracing support for JSA/JAAS/JSSE, which can be turned on
via system keys. Though this valueable provision is not documented, it is of
sort "nice to have" features.
Here is detailed description (see also [1], [2]):
------------------------------------------------------------------------------
Debug tracing support is enabled and controlled through system properties which
can be set either programmatically or via the command line.
Values can be separated by a delimiter, such as a comma. The delimiter is not
required, but does enhance readability.
The following keys are recognized:
1) For JSA/JAAS, the system property java.security.debug with the following
values:
all -- turn on all debugging (equivalent to setting all of the modifiers
below)
access -- print all checkPermission results
combiner -- SubjectDomainCombiner debugging
jar -- jar verification
logincontext -- login context results
policy -- loading and granting
provider -- security provider debugging
scl -- permissions SecureClassLoader assigns
The following can be used with access:
stack -- include stack trace
domain -- dumps all domains in context
failure -- before throwing exception, dump stack and domain that didn't
have permission
2) For JSSE (Java Secure Sockets Extension) the system property javax.net.debug
with the following values:
all -- turn on all debugging (equivalent to setting all of the modifiers
below)
ssl -- turn on ssl debugging
The following can be used with ssl:
record -- enable per-record tracing
handshake -- print each handshake message
keygen -- print key generation data
session -- print session activity
defaultctx -- print default SSL initialization
sslctx -- print SSLContext tracing
sessioncache -- print session cache tracing
keymanager -- print key manager tracing
trustmanager -- print trust manager tracing
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
--------------------------------------------------------------------------------
[1] http://www.oreilly.com/catalog/javasec2/chapter/ch01.html
[2] http://java.sun.com/developer/onlineTraining/Security/Fundamentals/Security.html
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (HARMONY-2400) [classlib][security] security
debugging feature is desirable
Posted by "Alexey Petrenko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HARMONY-2400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Petrenko updated HARMONY-2400:
-------------------------------------
Summary: [classlib][security] security debugging feature is desirable (was: [security] security debugging feature is desirable)
> [classlib][security] security debugging feature is desirable
> ------------------------------------------------------------
>
> Key: HARMONY-2400
> URL: https://issues.apache.org/jira/browse/HARMONY-2400
> Project: Harmony
> Issue Type: Wish
> Components: Classlib
> Reporter: Alexey Varlamov
> Priority: Trivial
>
> The RI provides debug tracing support for JSA/JAAS/JSSE, which can be turned on
> via system keys. Though this valueable provision is not documented, it is of
> sort "nice to have" features.
> Here is detailed description (see also [1], [2]):
> ------------------------------------------------------------------------------
> Debug tracing support is enabled and controlled through system properties which
> can be set either programmatically or via the command line.
> Values can be separated by a delimiter, such as a comma. The delimiter is not
> required, but does enhance readability.
> The following keys are recognized:
> 1) For JSA/JAAS, the system property java.security.debug with the following
> values:
> all -- turn on all debugging (equivalent to setting all of the modifiers
> below)
> access -- print all checkPermission results
> combiner -- SubjectDomainCombiner debugging
> jar -- jar verification
> logincontext -- login context results
> policy -- loading and granting
> provider -- security provider debugging
> scl -- permissions SecureClassLoader assigns
> The following can be used with access:
> stack -- include stack trace
> domain -- dumps all domains in context
> failure -- before throwing exception, dump stack and domain that didn't
> have permission
> 2) For JSSE (Java Secure Sockets Extension) the system property javax.net.debug
> with the following values:
> all -- turn on all debugging (equivalent to setting all of the modifiers
> below)
> ssl -- turn on ssl debugging
> The following can be used with ssl:
> record -- enable per-record tracing
> handshake -- print each handshake message
> keygen -- print key generation data
> session -- print session activity
> defaultctx -- print default SSL initialization
> sslctx -- print SSLContext tracing
> sessioncache -- print session cache tracing
> keymanager -- print key manager tracing
> trustmanager -- print trust manager tracing
> handshake debugging can be widened with:
> data hex dump of each handshake message
> verbose verbose handshake message printing
> record debugging can be widened with:
> plaintext hex dump of record plaintext
> --------------------------------------------------------------------------------
> [1] http://www.oreilly.com/catalog/javasec2/chapter/ch01.html
> [2] http://java.sun.com/developer/onlineTraining/Security/Fundamentals/Security.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.