Improve Shiro logging

[alondhe]

Expected behavior

Authentication debugging info and errors should be available in WebAPI logs.

Actual behavior

We do not have enough debugging information about the authentication attempt, nor do we see the authentication errors. Only see it fails in Atlas.

Steps to reproduce behavior

Set up authenticated WebAPI, see no debug info. Set it up with faulty settings, you won't see the full error trace.

[alondhe]

To clarify: the initial connection to the auth provider when starting WebAPI up is what's missing here. Sites deploying WebAPI with security cannot debug why the initial shiro connection to their auth provider isn't working.

[anthonysena]

@alondhe - can you elaborate more on which type(s) of authentication mechanisms require additional logging? We are discussing this issue on the Atlas WG and its unclear how to take action on this? We've currently marked this for the v2.15 backlog but its unclear what should be done.