Troubleshooting Security

If you want to monitor security access, you can set the java.security.debug System property. To see a list of all debugging options, use the help setting:

java -Djava.security.debug=help

Note:

Separate multiple options with a comma.
For more information, on debugging utilities please visit JSSE Reference Guide.

The following table lists java.security.debug options and links to further information about each option:

Option	Description	Further Information
`all`	Turn on all debugging	None
`access`	Print all results from the `AccessController.checkPermission` method. You can use the following options with the `access` option: `stack`: Include stack trace `domain`: Dump all domains in context `failure`: Before throwing exception, dump stack and domain that do not have permission You can use the following options with the `stack` and `domain` options: `permission=<classname>`: Only dump output if specified permission is being checked `codebase=<URL>`: Only dump output if specified codebase is being checked	Permissions
`certpath`	Turns on debugging for the PKIX `CertPathValidator` and `CertPathBuilder` implementations. You can use the `ocsp` option with the certpath option for OCSP protocol tracing. A hexadecimal dump of the OCSP request and response bytes is displayed.	Java PKI Programmer's Guide
`combiner`	`SubjectDomainCombiner` debugging	Permissions
`configfile`	JAAS (Java Authentication and Authorization Service) configuration file loading	Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges
`configparser`	JAAS configuration file parsing	Java Authentication and Authorization Service (JAAS) Reference Guide Use of JAAS Login Utility and Java GSS-API for Secure Message Exchanges
`gssloginconfig`	Java GSS (Generic Security Services) login configuration file debugging	Java Generic Security Services: (Java GSS) and Kerberos Introduction to JAAS and Java GSS-API Tutorials `javax.security.auth.login.Configuration`: A `Configuration` object is responsible for specifying which `LoginModules` should be used for a particular application, and in what order the `LoginModules` should be invoked. JAAS Login Configuration File Advanced Security Programming in Java SE Authentication, Secure Communication and Single Sign-On
`jar`	JAR file verification	Verifying Signed JAR Files from The Java Tutorials
`jca`	JCA engine class debugging	Engine Classes and Algorithms
`keystore`	Keystore debugging	Key Management The `KeyStore` class
`logincontext`	`LoginContext` results	Permissions
`pcsc`	Java Smart Card I/O and SunPCSC provider debugging	The `SunPCSC` Provider and the `javax.smartcardio` package
`pkcs11`	PKCS11 session manager debugging	PKCS#11 Reference Guide
`pkcs11keystore`	PKCS11 KeyStore debugging	PKCS#11 Reference Guide
`pkcs12`	PKCS12 KeyStore debugging	None
`properties`	`java.security` configuration file debugging	None
`policy`	Loading and granting permissions with policy file	Set up the Policy File to Grant the Required Permissions (Controlling Applications) from The Java Tutorials Set up a Policy File to Grant the Required Permission (Controlling Applets) from The Java Tutorials policytool (Solaris, Unix, or Mac OS X) policytool (Windows) Default Policy Implementation and Policy File Syntax
`provider`	Security provider debugging	The Security Manager from The Java Tutorials
`scl`	Permissions `SecureClassLoader` assigns	Permissions
`sunpkcs11`	SunPKCS11 provider debugging	PKCS#11 Reference Guide
`ts`	Timestamping debugging	None
`x509`	X.509 certificate debugging	X.509 Certificates and Certificate Revocation Lists (CRLs)