Security Debugging

The Java security packages include debugging code that you can enable via a system property. The property in question is java.security.debug , and it may be set to the following values:

all: Turn on all the debugging options.
access: Trace all calls to the checkPermission( )method of the access controller. This allows you to see whichpermissions your code is requesting, which calls are succeeding, andwhich ones are failing.; This option has the following sub-options. If no sub-option is specified, then all are in force:
stack: Dump the stack every time a permission is checked.
failure: Dump the stack only when a permission is denied.
domain: Dump the protection domain in force when a protection is checked.
jar: When processing a signed jar file, print the signatures in the file, their certificates, and the classes to which they apply.
policy: Print information about policy files as theyare parsed, including their location in the filesystem, the permissionsthey grant, and the certificates they use for signed code.
scl: Print information about the permissions granted directly by a secure class loader (rather than granted through a policy file).

These options should be given as a comma-separated list (including the sub-options for the access option). For example, to see the permissions granted by the secure class loader and see a stack trace when a permission check fails, you would specify -Djava.security.debug=scl,access,failure on the command line.

JSSE extends this facility by consulting the javax.net.debug property for the following options:

all: Turn on all options and sub-options.
ssl: Turn on SSL debugging. This option has the following sub-options (all of which are in force if none are specified):
record: Print a trace of each SSL record (at the SSL protocol level).
handshake: Print each handshake message as it is received.
keygen: Print key generation data for the secret key exchange.
session: Print SSL session activity.
defaultctx: Print the default SSL initialization information.
sslctx: Print information about the SSL context.
sessioncache: Print information about the SSL session cache.
keymanager: Print information about calls to the key manager.
trustmanager: Print information about calls to the trust manager.
data: For handshake tracing, print out a hex dump of each message.
verbose: For handshake tracing, print out verbose information.
plaintext: For record tracing, print out a hex dump of the record.

Note, suboptions and options should be seperated by comma, for example, -Djavax.net.debug=ssl,handshake.

本站仅提供存储服务，所有内容均由用户发布，如发现有害或侵权内容，请点击举报。