Troubleshooting Security

If you want to monitor security access, you can set the java.security.debug System property. To see a list of all debugging options, use the help setting:

java -Djava.security.debug=help

Note:

The following table lists java.security.debug options and links to further information about each option:

Option Description Further Information
all Turn on all debugging None
access

Print all results from the AccessController.checkPermission method.

You can use the following options with the access option:

  1. stack: Include stack trace
  2. domain: Dump all domains in context
  3. failure: Before throwing exception, dump stack and domain that do not have permission

You can use the following options with the stack and domain options:

  1. permission=<classname>: Only dump output if specified permission is being checked
  2. codebase=<URL>: Only dump output if specified codebase is being checked
certpath Turns on debugging for the PKIX CertPathValidator and CertPathBuilder implementations. You can use the ocsp option with the certpath option for OCSP protocol tracing. A hexadecimal dump of the OCSP request and response bytes is displayed.
combiner SubjectDomainCombiner debugging
configfile JAAS (Java Authentication and Authorization Service) configuration file loading
configparser JAAS configuration file parsing
gssloginconfig Java GSS (Generic Security Services) login configuration file debugging
jar JAR file verification

Note: Use the System property jdk.jar.maxSignatureFileSize to specify the maximum size, in bytes, of signature files in a signed JAR. Its default value is 16000000 (16 MB).

jca JCA engine class debugging
keystore Keystore debugging
logincontext LoginContext results
pcsc Java Smart Card I/O and SunPCSC provider debugging
pkcs11 PKCS11 session manager debugging
pkcs11keystore PKCS11 KeyStore debugging
pkcs12 PKCS12 KeyStore debugging None
properties java.security configuration file debugging None
policy Loading and granting permissions with policy file
provider Security provider debugging
scl Permissions SecureClassLoader assigns
sunpkcs11 SunPKCS11 provider debugging
ts Timestamping debugging None
x509 X.509 certificate debugging

Copyright © 1993, 2024, Oracle and/or its affiliates. All rights reserved.