Security errors are generally not helpful by design. If an error provides too much information, that information could be used to further advance an attack. This is fine for security, but makes troubleshooting security issues extra challenging.
XML errors generally prevent the application from deploying. These errors will be logged to the server log file. The exceptions logged are usually helpful and are rarely specific to WaveMaker, meaning that you can often apply search results from other projects to reported errors.
Enabling the debug logger for Acegi in
log4j.properties is a good first step in troubleshooting any security issue:
With this debugger logging enabled, all request processing against ...