You can use the option
-Djava.security.debug=<PARAM> where <PARAM> is one of the following all (turn on all debugging) access (print all checkPermission results) jar (jar verification) policy (loading and granting) scl (permission SecureClassLoader assigns)
The following can be used with access (for example access.domain):
stack (include stack trace) domain (dumps all domains in context) failure (before throwing exception, dump stack and domain that didn't have permission)
When you’re testing policy problems with the Java plug-in, you can go the the plug-in control panel and to Java Runtime Parameters:
However, when I tried this out (with Java plug-in) it crashed the browser (IE5.5) on several params. The parameter policy worked and gave me sufficient results to solve my problem.