124 Novell Access Manager 3.1 SP2 J2EE Agent Guidenovdocx (en) 16 April 20109.10 JBoss and SSLIf you want to restrict access to SSL on JBoss, you need to either disable the HTTP port in JBoss andenable only the SSL port or configure SSL in the web.xml file. It is not enough to select RequireSSL on the Protected Web Resource page. In the Administration Console, click Devices > J2EEAgents > Edit > Manage authorization policies > [Name of Web Module] > [Name of ProtectedResource].9.11 Viewing Log FilesThe J2EE agent logs messages to the J2EE server log files. For verbose messages, including policyevaluation messages, you need to enable tracing. In the Administration Console, click Devices >J2EE Agents > Edit > Enable tracing.The location of the log files for each J2EE server is implementation-specific: JBoss Server: For a JBoss server, the log messages are logged to the $JBOSS_HOME/log/jboss.log file if you launched the JBoss server by using the run.sh script found in the binfolder. Messages are also sent to the console, so you should check the console or the$JBOSS_HOME/server/default/log/server.log file. WebSphere Server: For a WebSphere server, the log messages are logged to files in the$WAS_BaseDir/profiles/$ProfileName/logs directory. Check the SystemOut.log andSystemErr.log files. WebLogic Server: For a WebLogic server, the log messages are sent to standard out. If youlaunch the server in a console window, the messages appear in this window. If you want themessages logged to the server log file, you need to configure the server to send standard out tothis file. This can be done from the WebLogic Administration Server console application in theLogging tab under Servers.9.12 Troubleshooting Access ControlWhen a user requests access to a resource protected by the J2EE Agent, the request flows throughthe policy enforcement points illustrated in Figure 9-1.