8348986: Improve coverage of enhanced exception messages

src/java.base/share/classes/jdk/internal/util/Exceptions.java

@@ -39,21 +39,22 @@
 import jdk.internal.misc.VM;
 
 /**
- * Contains static utility methods which take an Exception
- * and return either the same exception or a new instance
- * of the same exception type with an "enhanced" message
- * description.
+ * Contains static utility methods which can filter exception
+ * message strings for sensitive information.
  *
  * Code using this mechanism should use one of the static throwException
  * methods below to generate and throw the exception in one method.
  * exception() methods are also provided to generate an exception which
  * then be modified before being thrown or used. Lastly, formatMsg()
  * can generate a formatted (enhanced or restricted) string only.
  *
+ * The methods above take variable numbers of SensitiveInfo objects
+ * as parameters which contain the text that may have to be filtered.
+ *
  * The SensitiveInfo objects should be generated with one of the following:
  *     public static SensitiveInfo filterLookupInfo(String host)
- *     public static SensitiveInfo filterSocketInfo(String host)
- *     public static SensitiveInfo filterNetInfo(String host)
+ *     public static SensitiveInfo filterSocketInfo(String s)
+ *     public static SensitiveInfo filterNetInfo(String s)
  *     public static SensitiveInfo filterJarName(String name)
  *     public static SensitiveInfo filterUserName(String name)
  */
@@ -78,7 +79,10 @@ private Exceptions() {}
      * Sub-class for any new category that needs to be independently
      * controlled. Consider using a unique value for the
      * SecurityProperties.includedInExceptions(String value) mechanism
-     * Current values defined are "socket", "jar" and "userInfo"
+     * Current values defined are "socket", "jar", "userInfo"
+     * "net", "addressLookup". The value "hostInfo" exists for
+     * compatibility and is the same as the combination of
+     * "socket,addressLookup,net"
      * New code can also piggy back on existing categories
      *
      * A SensitiveInfo contains the following components
@@ -122,7 +126,9 @@ public boolean enhanced() {
         }
 
         /**
-         * Implementation should call output(boolean)
+         * Implementation should call output(boolean flag)
+         * where flag contains the boolean value of whether
+         * the category is enabled or not.
          */
         public abstract String output();
 

src/java.base/share/conf/security/java.security

@@ -1295,11 +1295,10 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
 # The property setting in this file can be overridden by a system property of
 # the same name, with the same syntax and possible values.
 #
-#jdk.includeInExceptions=hostInfo,jar,userInfo
+# If the property is not set or set to an empty string, then this is the most 
+# restricted setting with all categories disabled. The following is the default
+# (out of the box) setting, meaning these categories are not restricted.
 #
-# If the property is set to an empty string, then this is the most restricted
-# setting with all categories disabled. The following is the default
-# (out of the box) ssetting.
 jdk.includeInExceptions=addressLookup,net,userInfo
 #
 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL)

test/jdk/com/sun/net/httpserver/simpleserver/CommandLineNegativeTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2025 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it