On Thu, 8 Jan 2026 21:27:18 GMT, Kieran Farrell <[email protected]> wrote:
>> The goal of this PR is to add a means of exposing security properties at >> runtime to aid the debugging security related issues/misconfigurations etc. >> Currently, only initial security properties set at start up can be exposed >> via the `InitialSecurityProperty` JFR event. >> >> This patch introduces a new jcmd diagnostic command `VM.properties`, which >> enables developers to print either the current system properties or security >> properties of a running Java process via command-line arguments (-system or >> -security). To avoid clutter within the jcmd command list, the old >> `VM.system_properties` command is hidden, but not removed so will not break >> existing usages. The implementation of each is shared to reduce duplication. > > Kieran Farrell has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 10 commits: > > - merge > - rm unused code > - Merge remote-tracking branch 'origin/master' into sec_props2 > - static helper method for both jcmd calls > - missing ) > - working with single arg > - updates > - update args > - two args -not yet tested > - initial patch > This patch introduces a new jcmd diagnostic command `VM.properties`, which > enables developers to print either the current system properties or security > properties of a running Java process via command-line arguments (-system or > -security). To avoid clutter within the jcmd command list, the old > `VM.system_properties` command is hidden, but not removed so will not break > existing usages. The implementation of each is shared to reduce duplication. Security properties are a somewhat niche set of non-system properties for the security/crypto area. They can't be set on the command line, need to use -Djava.security.properties==<url> to locate a properties file to augment the security properties defined in java.security. So very confusing to developers and maybe it's time to think about whether security properties make sense in 2026. As regards the proposal then my initial reaction is to keep it separate, meaning a security_properties rather than properties command. ------------- PR Comment: https://git.openjdk.org/jdk/pull/29124#issuecomment-3727870283
