Chapter 3. TRACE Logging
To enable logging for JBoss Security and so also for the authenticator of JBoss Negotiation, do the following:
- Open the
$JBOSS_HOME/server/$PROFILE/conf/jboss-log4j.xml
- Add the following to enable full TRACE logging for
org.jboss.security
:<category name="org.jboss.security"> <priority value="TRACE"/> </category>
- Optionally allow additional logging for the
com.sun.security.auth.module.Krb5LoginModule
login module. To do so, set thedebug
option totrue
:<module-option name="debug">true</module-option>
- Set the system property
-Dsun.security.krb5.debug=true
to get verbose output of the entire GSSAPI negotiation process.
3.1. Configuring Message Tracing
You can log the exchanged messages selectively at TRACE level. Both, the Request and Response messages, can be logged and that either as Hex or as Base64 or both.
The base category for message tracing is
org.jboss.security.negotiation.MessageTrace
. If you enable TRACE logging for this category, all request and response messages are logged at the TRACE level in both Hex and in Base64 encoding.
Example 3.1. Configuration for tracking all messages
<category name="org.jboss.security.negotiation.MessageTrace"> <priority value="TRACE"/> </category>
To reduce the logging to either just request or just response messages, append
.Request
or .Response
to the category value.
Example 3.2. Configuration for tracking only request messages (messages are logged in both Hex and Base64)
<category name="org.jboss.security.negotiation.MessageTrace.Request"> <priority value="TRACE"/> </category>
Example 3.3. Configuration for tracking only response messages (messages are logged in both Hex and Base 64)
<category name="org.jboss.security.negotiation.MessageTrace.Response"> <priority value="TRACE"/> </category>
To have messages logged in a particular encoding, append
.Hex
or .Base64
to the category value.
Example 3.4. Message tracking with defined encoding
<category name="org.jboss.security.negotiation.MessageTrace.Request.Hex"> <priority value="TRACE"/> </category> <category name="org.jboss.security.negotiation.MessageTrace.Request.Base64"> <priority value="TRACE"/> </category> <category name="org.jboss.security.negotiation.MessageTrace.Response.Hex"> <priority value="TRACE"/> </category> <category name="org.jboss.security.negotiation.MessageTrace.Response.Base64"> <priority value="TRACE"/> </category>