Search
SupportConsoleDevelopersStart a trialContact

14.2. Debugging Security Policy Issues

download PDF
You can enable debugging information to help you troubleshoot security policy-related issues. The java.security.debug option configures the level of security-related information reported.
The command java -Djava.security.debug=help will produce help output with the full range of debugging options. Setting the debug level to all is useful when troubleshooting a security-related failure whose cause is completely unknown, but for general use it will produce too much information. A sensible general default is access:failure .

Procedure 14.2. Enable general debugging

This procedure will enable a sensible general level of security-related debug information.
  • Add the following line to the file run.conf (Linux), or run.conf.bat (Windows):
    Linux

    JAVA_OPTS="$JAVA_OPTS -Djava.security.debug=access:failure"

    Windows

    JAVA_OPTS="%JAVA_OPTS% -Djava.security.debug=access:failure"

14.2.1. Debugging Security Manager

Note

The Debugging Security Manager was introduced with JBoss Enterprise Application Platform 5.1
The Debugging Security Manager org.jboss.system.security.DebuggingJavaSecurityManager prints out the protection domain corresponding to a failing permission. This additional information is very useful information when debugging permissions problems.

Procedure 14.3. Enable the Debugging Security Manager

This procedure will enable the Debugging Security Manager.
  1. Add the following option to $JBOSS_HOME/bin/run.conf (Linux) or $JBOSS_HOME/bin/run.conf.bat. See Configuration File for the location of this file.
    Linux

    JAVA_OPTS="$JAVA_OPTS -Djava.security.manager=org.jboss.system.security.DebuggingJavaSecurityManager"

    Windows

    JAVA_OPTS="%JAVA_OPTS% -Djava.security.manager=org.jboss.system.security.DebuggingJavaSecurityManager"

  2. Comment out all other java.security.manager references in the file.
  3. Ensure that the file still contains a java.security.policy option specifying the policy file to use
  4. Enable general debugging following the instruction in Procedure 14.2, “Enable general debugging”.

Note

The Debugging Security Manager has a significance performance cost. Do not use it in general production.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.