Troubleshooting Security
To monitor security access, you can set the
java.security.debug
System property, which determines what trace
messages are printed during execution. In addition, you can specify the option
-XshowSettings:security
option in the java
command to
view security properties, security providers, and TLS-related settings.
The java.security.debug System Property
To see a list of all debugging options, use the help
option
as follows. MyApp
is any Java application.
The java
command prints the debugging options and then exits before running
MyApp
.
java -Djava.security.debug=help MyApp
Note:
- To use more than one option, separate options with a comma.
- JSSE also provides dynamic debug tracing support for SSL/TLS/DTLS troubleshooting. See Debugging Utilities.
The following table lists java.security.debug
options and
links to further information about each option:
Table 1-8 java.security.debug
Options
Option | Description | Further Information |
---|---|---|
all |
Turn on all the debugging options | None |
access |
Print all results from the You can use the following options with the
You can use the following options with the
|
Permissions in the JDK |
certpath |
Turns on debugging for the PKIX You can use the following options with the
|
PKI Programmer's Guide Overview |
combiner |
debugging
|
Permissions in the JDK |
configfile |
JAAS (Java Authentication and Authorization Service) configuration file loading |
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
configparser |
JAAS configuration file parsing |
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
gssloginconfig |
Java GSS (Generic Security Services) login configuration file debugging |
Java Generic Security Services: (Java GSS) and Kerberos JAAS and Java GSS-API Tutorial
Appendix B: JAAS Login Configuration File Advanced Security Programming in Java SE Authentication, Secure Communication and Single Sign-On |
jar |
JAR file verification |
Verifying Signed JAR Files from The Java Tutorials Note: Use the System propertyjdk.jar.maxSignatureFileSize to specify
the maximum size, in bytes, of signature files in a signed JAR. Its
default value is 16000000 (16 MB).
|
jca
|
JCA engine class debugging | |
keystore
|
Keystore debugging | |
logincontext |
results
|
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
pcsc |
Java Smart Card I/O and SunPCSC provider debugging | The SunPCSC Provider and the javax.smartcardio package
|
pkcs11 |
PKCS11 session manager debugging | |
pkcs11keystore |
PKCS11 KeyStore debugging | |
pkcs12 |
PKCS12 KeyStore debugging | None |
policy |
Loading and granting permissions with policy file |
Set up the Policy File to Grant the Required Permissions (Controlling Applications) from The Java Tutorials |
properties |
java.security configuration file debugging
|
None |
provider |
Security
provider debugging
The following options can be used with the provider option:
The supported values for <engines> are:
|
Java Cryptography Architecture (JCA) Reference Guide |
scl |
Permissions that SecureClassLoader assigns
|
Permissions in the JDK |
securerandom |
SecureRandom debugging | The SecureRandom Class |
sunpkcs11 |
SunPKCS11 provider debugging | PKCS#11 Reference Guide |
ts |
Timestamping debugging | None |
x509 |
X.509 certificate debugging | X.509 Certificates and Certificate Revocation Lists (CRLs) |
The java -XshowSettings:security Option
You can specify the option -XshowSettings:security
option
in the java
command to view security properties, security providers, and
TLS-related settings. The option shows third-party security provider details if they are
included in the application class path or module path and such providers are configured in
the java.security
file.
In addition, you can specify -XshowSettings:security:<subcategory>
where <subcategory>
is one of the following:
all
: show all security settingsproperties
: show security propertiesproviders
: show static security provider settingstls
: show TLS-related security settings