Security Debugging
The Java security packages include debugging code that you can enable via a system property. The property in question is java.security.debug, and it may be set to the following values:
- all: Turn on all the debugging options.
- access: Trace all calls to the checkPermission() method of the access controller. This allows you to see which permissions your code is requesting, which calls are succeeding, and which ones are failing. This option has the following sub-options. If no sub-option is specified, then all are in force:
  - stack: Dump the stack every time a permission is checked.
  - failure: Dump the stack only when a permission is denied.
  - domain: Dump the protection domain in force when a permission is checked.
- jar: When processing a signed jar file, print the signatures in the file, their certificates, and the classes to which they apply.
- policy: Print information about policy files as they are parsed, including their location in the filesystem, the permissions they grant, and the certificates they use for signed code.
- scl: Print information about the permissions granted directly by a secure class loader (rather than granted through a policy file).
These options should be given as a comma-separated list (including the sub-options for the access option). For example, to see the permissions granted by the secure class loader and see a stack trace when a permission check fails, you would specify -Djava.security.debug=scl,access,failure on the command line.
JSSE extends this facility by consulting the javax.net.debug property for the following options:
- all: Turn on all options and sub-options.
- ssl: Turn on SSL debugging. This option has the following sub-options (all of which are in force if none are specified):
  - record: Print a trace of each SSL record (at the SSL protocol level).
  - handshake: Print each handshake message as it is received.
  - keygen: Print key generation data for the secret key exchange.
  - session: Print SSL session activity.
  - defaultctx: Print the default SSL initialization information.
  - sslctx: Print information about the SSL context.
  - sessioncache: Print information about the SSL session cache.
  - keymanager: Print information about calls to the key manager.
  - trustmanager: Print information about calls to the trust manager.
  - data: For handshake tracing, print out a hex dump of each message.
  - verbose: For handshake tracing, print out verbose information.
  - plaintext: For record tracing, print out a hex dump of the record.
  - packet: Print raw SSL/TLS packets.
Examples
- To view all debugging messages:
  java -Djavax.net.debug=all MyApp
- To view the hexadecimal dumps of each handshake message, you can type the following, where the colons are optional:
  java -Djavax.net.debug=ssl:handshake:data MyApp
- To view the hexadecimal dumps of each handshake message, and to print trust manager tracing, you can type the following, where the commas are optional:
  java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp
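Since keygen prints key generation data and plaintext prints a hex dump of each record, launch commands are worth checking for these options before a service ships with them enabled. The script below is an added example, not part of the original page: audit_jvm_debug is a hypothetical helper, and treating all, keygen, plaintext and a bare ssl as the sensitive options is this example's assumption.

```shell
#!/bin/sh
# Added example. audit_jvm_debug is a hypothetical helper name.
# ASSUMPTION: "sensitive" here means all, keygen, plaintext, or ssl given
# with no sub-options (which puts every sub-option in force).

# Print each sensitive javax.net.debug option found in one JVM command
# line as "javax.net.debug=<option>". Returns 0 if any were found, else 1.
audit_jvm_debug() {
    found=1
    # $1 is left unquoted on purpose so it splits into arguments.
    for arg in $1; do
        case $arg in
            -Djavax.net.debug=*) ;;
            *) continue ;;
        esac
        # The page's examples use both ':' and ',' as separators and both
        # "ssl" and "SSL", so split on either and compare in lower case.
        opts=$(printf '%s' "${arg#*=}" | tr 'A-Z' 'a-z' | tr ',:' '  ')
        for opt in $opts; do
            case $opt in
                all|keygen|plaintext)
                    echo "javax.net.debug=$opt"; found=0 ;;
                ssl)
                    if [ "$opts" = "ssl" ]; then
                        echo "javax.net.debug=ssl"; found=0
                    fi ;;
            esac
        done
    done
    return $found
}

# Constructed sample command lines (not taken from a real system).
for cmd in "java -Djavax.net.debug=ssl:handshake:data MyApp" \
           "java -Djavax.net.debug=SSL,keygen,plaintext MyApp" \
           "java -Djavax.net.debug=ssl MyApp"; do
    if hits=$(audit_jvm_debug "$cmd"); then
        printf 'REVIEW  %s  [%s]\n' "$cmd" "$(echo $hits)"
    else
        printf 'ok      %s\n' "$cmd"
    fi
done
```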