you're mostly likely aware of this debug option but the
java.security.debug option allows 'access' which should give you alot
more information about each permission check that's been made. Maybe
it's a case of scanning the output for permissions not checked and
seeing if they're really necessary in your policy file.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/troubleshooting-security.html
Regards,
Sean.
On 21/06/17 12:53, Sean Mullan wrote:
On 6/21/17 3:05 AM, Weijun Wang wrote:
Suppose I have a Java program running with a security manager and a
policy file. There are quite a lot of permissions granted in the
policy file but maybe not all of them are necessary.
Is there a way I can find out which one is not needed?
I don't know of any easy way to do that, other than code inspection
and writing tests that exercise different code paths.
--Sean
I tried to write my own security manager to remember all permission
objects checked and then compare it with the policy file, but if the
policy file has permissions granted to different codebases, I cannot
tell which one is for which.
Thanks
Max