JAAS security @ WebLogic

This may be a valuable tip for anyone struggling with custom JAAS-based security on Oracle WebLogic. Apart from tiresome JPDA debugging of custom authenticators or even server's code there is one nifty feature available: debug logging.

To enable some in-depth information logging, one needs to navigate to:

Servers -> [server name] -> Debug

There are two main categories: default and weblogic. For security debugging, the latter is interesting. Typically I enable following:

• default -> security -> DebugSecurity


• default -> security -> realm -> DebugSecurityRealm


• default -> security -> realm -> DebugSecurityService

With those active, your console output will be filled with lots of debug data. Picking useful information is a somewhat different story.. ;-)