Debugging Java Security


When working with java.security packages it is handy to have a tool that would switch on some debugging information about stuff going on inside. Helpfully security classes already contain such debugging calls.

These calls can be enabled via setting -Djava.security.debug=option(,option) system property.

Options can be listed using sun.security.util.Debug.Help() static method call, that prints all the available options to the std.err stream.


The available options are listed in the table.

java.security.debug options list
Option
Description
all Turn on all the debugging options
access Print all checkPermission results
The following can be used with access:
stack Include stack trace for each permission check.
dump Dump all protection domains in context on each permission check.
failure Before throwing exception, dump stack and and domain that didn't have permission.

The following can be used with stack and domain to filter debugging output:
permission= Only dump output if specified permission is being checked.
codebase= Only dump output if specified codebase is being checked.
combiner SubjectDomainCombiner debugging
gssloginconfig GSS LoginConfigImpl debugging
jar Jar verification
logincontext Login context results
policy Loading and granting security policies
provider Security provider debugging
scl Permissions SecureClassLoader assigns


Note: Separate multiple options with a comma.

Warning: Switching on the options listed above generates large amount of debugging output and can seriously affect the application performance.

Comments

Popular posts from this blog

Machine Learning Project Tips

Java Cli Toolbox