This topic explains how to find out why access to a secured flow has been denied.
By default, security exceptions occurring in an input node are not processed in the same way as other errors (see Security exception processing). Security exceptions are not logged to the system event log, to prevent a security denial of service attack filling the logs and destabilizing the system.
This means that, by default, you cannot diagnose input node security exceptions in the same way as other errors. However, in a SecurityPEP node, a failing security operation causes a security exception to be raised, wrapped in a normal recoverable exception, which invokes the error handling that is provided by the message flow.
The following steps show you how to use the user trace to find out why access to a secured message flow has been denied: