Show Table of Contents
14.2. Debugging Security Policy Issues
You can enable debugging information to help you troubleshoot security policy-related issues. The
java.security.debug option configures the level of security-related information reported.
The command
java -Djava.security.debug=help will produce help output with the full range of debugging options. Setting the debug level to all is useful when troubleshooting a security-related failure whose cause is completely unknown, but for general use it will produce too much information. A sensible general default is access:failure .
Procedure 14.2. Enable general debugging
This procedure will enable a sensible general level of security-related debug information.
- Add the following line to the file
run.conf(Linux), orrun.conf.bat(Windows):LinuxJAVA_OPTS="$JAVA_OPTS -Djava.security.debug=access:failure"
WindowsJAVA_OPTS="%JAVA_OPTS% -Djava.security.debug=access:failure"
14.2.1. Debugging Security Manager
Note
The Debugging Security Manager was introduced with JBoss Enterprise Application Platform 5.1
The Debugging Security Manager
org.jboss.system.security.DebuggingJavaSecurityManager prints out the protection domain corresponding to a failing permission. This additional information is very useful information when debugging permissions problems.
Procedure 14.3. Enable the Debugging Security Manager
This procedure will enable the Debugging Security Manager.
- Add the following option to
$JBOSS_HOME/bin/run.conf(Linux) or$JBOSS_HOME/bin/run.conf.bat. See Configuration File for the location of this file.LinuxJAVA_OPTS="$JAVA_OPTS -Djava.security.manager=org.jboss.system.security.DebuggingJavaSecurityManager"
WindowsJAVA_OPTS="%JAVA_OPTS% -Djava.security.manager=org.jboss.system.security.DebuggingJavaSecurityManager"
- Comment out all other
java.security.managerreferences in the file. - Ensure that the file still contains a
java.security.policyoption specifying the policy file to use - Enable general debugging following the instruction in Procedure 14.2, “Enable general debugging”.
Note
The Debugging Security Manager has a significance performance cost. Do not use it in general production.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.