Troubleshooting Security
To monitor security access, you can set the
java.security.debug
System property, which determines what trace
messages are printed during execution.
To see a list of all debugging options, use the help
option as
follows. MyApp
is any Java
application. The java
command prints the debugging options and then
exits before running MyApp
.
java -Djava.security.debug=help MyApp
Note:
- To use more than one option, separate options with a comma.
- JSSE also provides dynamic debug tracing support for SSL/TLS/DTLS troubleshooting. See Debugging Utilities.
The following table lists java.security.debug
options and links to further information about each option:
Table 1-8 java.security.debug
Options
Option | Description | Further Information |
---|---|---|
all |
Turn on all the debugging options | None |
access |
Print all results from the You can use the following options with the
You can use the following options with the
|
Permissions in the JDK |
certpath |
Turns on debugging for the PKIX You can use the following options with the
|
PKI Programmer's Guide Overview |
combiner |
debugging
|
Permissions in the JDK |
configfile |
JAAS (Java Authentication and Authorization Service) configuration file loading |
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
configparser |
JAAS configuration file parsing |
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
gssloginconfig |
Java GSS (Generic Security Services) login configuration file debugging |
Java Generic Security Services: (Java GSS) and Kerberos JAAS and Java GSS-API Tutorial
Appendix B: JAAS Login Configuration File Advanced Security Programming in Java SE Authentication, Secure Communication and Single Sign-On |
jar |
JAR file verification |
Verifying Signed JAR Files from The Java Tutorials Note: Use the System propertyjdk.jar.maxSignatureFileSize to
specify the maximum size, in bytes, of signature files in a
signed JAR. Its default value is 16000000 (16
MB).
|
jca
|
JCA engine class debugging | |
keystore
|
Keystore debugging | |
logincontext |
results
|
Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges |
pcsc |
Java Smart Card I/O and SunPCSC provider debugging | The SunPCSC Provider and the javax.smartcardio package
|
pkcs11 |
PKCS11 session manager debugging | |
pkcs11keystore |
PKCS11 KeyStore debugging | |
pkcs12 |
PKCS12 KeyStore debugging | None |
policy |
Loading and granting permissions with policy file |
Set up the Policy File to Grant the Required Permissions (Controlling Applications) from The Java Tutorials |
properties |
java.security configuration file
debugging
|
None |
provider |
Security provider debugging
The following options can be used with the provider option:
The supported values for <engines> are:
|
Java Cryptography Architecture (JCA) Reference Guide |
scl |
Permissions that SecureClassLoader assigns
|
Permissions in the JDK |
securerandom |
SecureRandom debugging | The SecureRandom Class |
sunpkcs11 |
SunPKCS11 provider debugging | PKCS#11 Reference Guide |
ts |
Timestamping debugging | None |
x509 |
X.509 certificate debugging | X.509 Certificates and Certificate Revocation Lists (CRLs) |