ONJava.com -- The Independent Source for Enterprise Java

Java Application Security

Security Debugging

The Java security packages include debugging code that you can enable via a system property. The property in question is java.security.debug, and it may be set to the following values:

Turn on all the debugging options.
Trace all calls to the checkPermission( ) method of the access controller. This allows you to see which permissions your code is requesting, which calls are succeeding, and which ones are failing. This option has the following sub-options. If no sub-option is specified, then all are in force:
  • stack -- Dump the stack every time a permission is checked.
  • failure -- Dump the stack only when a permission is denied.
  • domain -- Dump the protection domain in force when a permission is checked.
  • jar -- When processing a signed jar file, print the signatures in the file, their certificates, and the classes to which they apply.
Print information about policy files as they are parsed, including their location in the filesystem, the permissions they grant, and the certificates they use for signed code.
Print information about the permissions granted directly by a secure class loader (rather than granted through a policy file).

These options should be given as a comma-separated list (including the sub-options for the access option). For example, to see the permissions granted by the secure class loader and see a stack trace when a permission check fails, you would specify -Djava.security.debug=scl,access,failure on the command line.
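To watch the access trace described above on a small case, the following added example (not code from the book) asks the access controller about three permissions and prints whether each is granted, so its output can be read next to the debug trace. The class name PermissionProbe, the sample permissions and the file path are constructed for illustration; it assumes a JDK that still supports the security manager (JDK 17 or earlier) and the JDK's default policy file.

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.util.PropertyPermission;

// Added example, not from the book. Assumes JDK 17 or earlier (security
// manager still available) and the JDK's default policy file.
// Run with:
//   java -Djava.security.debug=access,failure PermissionProbe
public class PermissionProbe {

    // Asks the access controller about one permission and reports the
    // outcome instead of letting the AccessControlException propagate.
    static boolean isGranted(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample permissions; the file path is a placeholder.
        Permission[] probes = {
            new PropertyPermission("java.version", "read"),
            new PropertyPermission("user.home", "read"),
            new FilePermission("/tmp/probe.txt", "write"),
        };

        // Install the default security manager so the policy is enforced
        // for the rest of the run.
        System.setSecurityManager(new SecurityManager());

        for (Permission p : probes) {
            System.out.println((isGranted(p) ? "granted " : "denied  ") + p);
        }
    }
}
```

The debug trace is written to standard error, so redirecting it (2> trace.log) keeps it apart from the program's own granted/denied lines.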

JSSE extends this facility by consulting the javax.net.debug property for the following options:

Turn on all options and sub-options.
Turn on SSL debugging. This option has the following sub-options (all of which are in force if none are specified):
  • Print a trace of each SSL record (at the SSL protocol level).
  • Print each handshake message as it is received.
  • Print key generation data for the secret key exchange.
  • Print SSL session activity.
  • Print the default SSL initialization information.
  • Print information about the SSL context.
  • Print information about the SSL session cache.
  • Print information about calls to the key manager.
  • Print information about calls to the trust manager.
  • For handshake tracing, print out a hex dump of each message.
  • For handshake tracing, print out verbose information.
  • For record tracing, print out a hex dump of the record.

As you progress through the samples in the book, you can turn various options on in order to see more information about what's going on.


Security is a multifaceted feature of the Java platform. There are a number of facilities within Java that allow you to write a Java application that implements a particular security policy, and this book will focus on each of those facilities in turn. These features are important within a Java-enabled browser, and they are also important with Java applications, particularly as applications become more distributed.

In addition, the security package allows us to create applications that use generic security features--such as digital signatures--for many purposes aside from expanding the Java sandbox. This other use of the security package will also be a constant theme throughout this book.
