Chapter 3. TRACE Logging

To enable logging for JBoss Security and so also for the authenticator of JBoss Negotiation, do the following:
  1. Open the $JBOSS_HOME/server/$PROFILE/conf/jboss-log4j.xml
  2. Add the following to enable full TRACE logging for org.jboss.security: 
    <category name="org.jboss.security">
  <priority value="TRACE"/>
</category>
  3. Optionally allow additional logging for the com.sun.security.auth.module.Krb5LoginModule login module. To do so, set the debug option to true: 
    <module-option name="debug">true</module-option>
  4. Set the system property -Dsun.security.krb5.debug=true to get verbose output of the entire GSSAPI negotiation process.

3.1. Configuring Message Tracing

You can log the exchanged messages selectively at TRACE level. Both, the Request and Response messages, can be logged and that either as Hex or as Base64 or both.
The base category for message tracing is org.jboss.security.negotiation.MessageTrace. If you enable TRACE logging for this category, all request and response messages are logged at the TRACE level in both Hex and in Base64 encoding.

Example 3.1. Configuration for tracking all messages

<category name="org.jboss.security.negotiation.MessageTrace">
  <priority value="TRACE"/>
</category>
To reduce the logging to either just request or just response messages, append .Request or .Response to the category value.

Example 3.2. Configuration for tracking only request messages (messages are logged in both Hex and Base64)

<category name="org.jboss.security.negotiation.MessageTrace.Request">
  <priority value="TRACE"/>
</category>

Example 3.3. Configuration for tracking only response messages (messages are logged in both Hex and Base 64)

<category name="org.jboss.security.negotiation.MessageTrace.Response">
  <priority value="TRACE"/>
</category>
To have messages logged in a particular encoding, append .Hex or .Base64 to the category value.

Example 3.4. Message tracking with defined encoding

<category name="org.jboss.security.negotiation.MessageTrace.Request.Hex">
  <priority value="TRACE"/>
</category>

<category name="org.jboss.security.negotiation.MessageTrace.Request.Base64">
  <priority value="TRACE"/>
</category>

<category name="org.jboss.security.negotiation.MessageTrace.Response.Hex">
  <priority value="TRACE"/>
</category>

<category name="org.jboss.security.negotiation.MessageTrace.Response.Base64">
  <priority value="TRACE"/>
</category>