Troubleshooting Security

To monitor security access, you can set the java.security.debug System property, which determines what trace messages are printed during execution.

To see a list of all debugging options, use the help option as follows. MyApp is any Java application. The java command prints the debugging options and then exits before running MyApp.

java -Djava.security.debug=help MyApp

Note:

• To use more than one option, separate options with a comma.
• JSSE also provides dynamic debug tracing support for SSL/TLS/DTLS troubleshooting. See Debugging Utilities.

The following table lists java.security.debug options and links to further information about each option:

Table 1-8 java.security.debug Options

Option	Description	Further Information
all	Turn on all the debugging options	None
access	Print all results from the AccessController.checkPermission method. You can use the following options with the access option: stack: Include stack trace domain: Dump all domains in context failure: Before throwing exception, dump stack and domain that do not have permission You can use the following options with the stack and domain options: permission=<classname>: Only dump output if specified permission is being checked codebase=<URL>: Only dump output if specified codebase is being checked	Permissions in the JDK
certpath	Turns on debugging for the PKIX CertPathValidator and CertPathBuilder implementations. Use the ocsp option with the certpath option for OCSP protocol tracing. A hexadecimal dump of the OCSP request and response bytes is displayed. You can use the following options with the certpath option: ocsp: Dump OCSP protocol exchanges verbose: Print additional debugging information	PKI Programmer's Guide Overview
combiner	SubjectDomainCombiner debugging	Permissions in the JDK
configfile	JAAS (Java Authentication and Authorization Service) configuration file loading	Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges
configparser	JAAS configuration file parsing	Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges
gssloginconfig	Java GSS (Generic Security Services) login configuration file debugging	Java Generic Security Services: (Java GSS) and Kerberos JAAS and Java GSS-API Tutorial javax.security.auth.login.Configuration: A Configuration object is responsible for specifying which javax.net.ssl.SSLEngine should be used for a particular application, and in what order the LoginModules should be invoked. Appendix B: JAAS Login Configuration File Advanced Security Programming in Java SE Authentication, Secure Communication and Single Sign-On
jar	JAR file verification	Verifying Signed JAR Files from The Java Tutorials
jca	JCA engine class debugging	Engine Classes and Algorithms
keystore	Keystore debugging	Keystores KeyStore
logincontext	LoginContext results	Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges
pkcs11	PKCS11 session manager debugging	PKCS#11 Reference Guide
pkcs11keystore	PKCS11 KeyStore debugging	PKCS#11 Reference Guide
pkcs12	PKCS12 KeyStore debugging	None
policy	Loading and granting permissions with policy file	Set up the Policy File to Grant the Required Permissions (Controlling Applications) from The Java Tutorials Default Policy Implementation and Policy File Syntax
provider	Security provider debugging The following options can be used with the provider option: engine=<engines> : The output is displayed only for a specified list of JCA engines. The supported values for <engines> are: Cipher KeyAgreement KeyGenerator KeyPairGenerator KeyStore Mac MessageDigest SecureRandom Signature	Java Cryptography Architecture (JCA) Reference Guide
scl	Permissions that SecureClassLoader assigns	Permissions in the JDK
securerandom	SecureRandom debugging	The SecureRandom Class
sunpkcs11	SunPKCS11 provider debugging	PKCS#11 Reference Guide
ts	Timestamping debugging	None