Security errors are generally not helpful by design. If an error provides too much information, that information could be used to further advance an attack. This is fine for security, but makes troubleshooting security issues extra challenging.
XML errors generally prevent the application from deploying. These errors will be logged to the server log file. The exceptions logged are usually helpful and are rarely specific to WaveMaker, meaning that you can often apply search results from other projects to reported errors.
Enabling the debug logger for Acegi in log4j.properties
is a good first step in troubleshooting any security issue:
log4j.logger.org.acegisecurity=debug
With this debugger logging enabled, all request processing against the filterSecurityInterceptor
URL list is logged. This can be very helpful in tracking down why URL rules worked or didn't work as expected.
Finally, you might need to enable logging on another server. When using LDAP security for example, Acegi...