Troubleshooting Security

If you want to monitor security access, you can set the java.security.debug System property. To see a list of all debugging options, use the help setting:

java -Djava.security.debug=help

Note:

The following table lists java.security.debug options and links to further information about each option:

Option Description Further Information
all Turn on all debugging  
access

Print all results from the AccessController.checkPermission method.

You can use the following options with the access option:

  1. stack: Include stack trace
  2. domain: Dump all domains in context
  3. failure: Before throwing exception, dump stack and domain that do not have permission

You can use the following options with the stack and domain options:

  1. permission=<classname>: Only dump output if specified permission is being checked
  2. codebase=<URL>: Only dump output if specified codebase is being checked
certpath Turns on debugging for the PKIX CertPathValidator and CertPathBuilder implementations. You can use the ocsp option with the certpath option for OCSP protocol tracing. A hexadecimal dump of the OCSP request and response bytes is displayed.
combiner SubjectDomainCombiner debugging
gssloginconfig Java GSS (Generic Security Services) login configuration file debugging
configfile JAAS (Java Authentication and Authorization Service) configuration file loading
configparser JAAS configuration file parsing
jar JAR file verification
logincontext LoginContext results
policy Loading and granting permissions with policy file
provider Security provider debugging
scl Permissions SecureClassLoader assigns

Copyright © 1993, 2014, Oracle and/or its affiliates. All rights reserved.