How to troubleshoot issues with Java security settings applied to a TIBCO Streaming application

How to troubleshoot issues with Java security settings applied to a TIBCO Streaming application

book

Article ID: KB0072893

calendar_today

Updated On:

Products Versions
TIBCO Streaming 10.6 and later

Description

Some unexpected behavior is observed in a TIBCO Streaming application, which may related to Java security settings. How can we get more detailed logging on activities relating to Java security?
 

Resolution

The Java security settings are configured under $STREAMBASE_HOME/jdk/conf/security/java.security. To enable debug logging for the java.security configuration, set the 'java.security.debug' system property.

For example, set -Djava.security.debug=certpath to validate information on certificates used by the application. Sample debug output:
 
com.tibco.ep.dtm.stderr: certpath: X509CertSelector.match(SN: 66c9fcf99bf8c0a39e2f0788a43e696365bca
com.tibco.ep.dtm.stderr:   Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
com.tibco.ep.dtm.stderr:   Subject: CN=Amazon Root CA 1, O=Amazon, C=US)
com.tibco.ep.dtm.stderr: certpath: X509CertSelector.match returning: true
com.tibco.ep.dtm.stderr: certpath: YES - try this trustedCert
com.tibco.ep.dtm.stderr: certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=Amazon Root CA 1, O=Amazon, C=US
com.tibco.ep.dtm.stderr: certpath: AlgorithmChecker.contains: SHA256withRSA
com.tibco.ep.dtm.stderr: certpath: AnchorCertificate.contains: matched CN=Amazon Root CA 1, O=Amazon, C=US

Set -Djava.security.debug=configfile to troubleshoot issues relating to a JAAS configuration (as used, for example, when using Kerberos SASL/SSL authentication).

Set -Djava.security.debug=keystore to get more details on any keystores being used by the application. Sample debug output:
 
com.tibco.ep.dtm.stderr: keystore: JavaKeyStore load: private key count: 0. trusted key count: 93
com.tibco.ep.dtm.stderr: keystore: Loaded a keystore in JKS format

Set -Djava.security.debug=pkcs12 to troubleshoot issues relating to key/trust stores in pkcs12 (*.p12) format.

For more details, follow Oracle's guidance on troubleshooting security-related issues.
 

Issue/Introduction

Discusses debug options for issues relating to the java.security settings for a TIBCO Streaming application.