If you're working on a security scenario on glassfish, have been looking at signature validation failing the Nth time... and are ready to pull your hair out (whatever's left), it's time to sit back, take a deep breath and do some deeper thinking.
Security is not your enemy, its your friend, its just that you need to learn to communicate!
The language you can start babbling is that of (FINE grained) logging and HTTP dumping.
One way to do this is to open the file /domains/domain1/config/domain.xml and add the following lines to the jvm-options section:
And then start the server.
Well, a better and smarter alternative to the above (in my opinion) is to use the Glassfish admin tool to do the same thing and then ofcourse restart the server for the settings to take effect.
Trivia: Did you know you could use the admin tool to change glassfish's jvm-option settings?
The other thing you want to do is to configure fine grained logging for the security packages. Here's what I am talking about.
In his blog, Fabian talks about configuring logging in GlassFish 9.1 for the WS-Policy implementation.
Only, instead you now enter
com.sun.xml.ws.security.trust for trust,
com.sun.xml.ws.security.secconv for secure conversation,
com.sun.xml.wss.impl for xwss, and set the value FINE (or any other logging level that suits you) to any or all of these.
Thanks for reading. I hope this helped...