diff --git a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
index db33f7f53c..b3fcd1f117 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
@@ -123,15 +123,42 @@ public class BasicAuthenticationFilter extends HttpFilter
     if (Util.isNotEmpty(authentication)
         && authentication.toUpperCase().startsWith(AUTHORIZATION_BASIC_PREFIX))
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("found basic authorization header, start authentication");
+      }
+
       user = authenticate(request, response, securityContext, authentication);
+
+      if (logger.isTraceEnabled())
+      {
+        if (user != null)
+        {
+          logger.trace("user {} successfully authenticated", user.getName());
+        }
+        else
+        {
+          logger.trace("authentcation failed, user object is null");
+        }
+      }
     }
     else if (securityContext.isAuthenticated())
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("user is allready authenticated");
+      }
+
       user = securityContext.getUser();
     }
 
     if (user == null)
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("could not find user send unauthorized");
+      }
+
       HttpUtil.sendUnauthorized(response);
     }
     else
@@ -192,6 +219,11 @@ public class BasicAuthenticationFilter extends HttpFilter
 
       if (Util.isNotEmpty(username) && Util.isNotEmpty(password))
       {
+        if (logger.isTraceEnabled())
+        {
+          logger.trace("try to authenticate user {}", username);
+        }
+
         user = securityContext.authenticate(request, response, username,
                 password);
       }
diff --git a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
index a584c821e5..cb361d4437 100644
--- a/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
+++ b/scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java
@@ -150,6 +150,15 @@ public abstract class PermissionFilter extends HttpFilter
 
           if (hasPermission(repository, securityContext, writeRequest))
           {
+            if (logger.isTraceEnabled())
+            {
+              logger.trace("{} access to repository {} for user {} granted",
+                           new Object[] { writeRequest
+                                          ? "write"
+                                          : "read", repository.getName(),
+                                          user.getName() });
+            }
+
             chain.doFilter(request, response);
           }
           else
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
index f17bb67494..cf1c78f97c 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -124,9 +124,16 @@ public class BasicSecurityContext implements WebSecurityContext
                            HttpServletResponse response, String username,
                            String password)
   {
+    if ( logger.isTraceEnabled() ){
+      logger.trace("start authentication for user {}", username);
+    }
     AuthenticationResult ar = authenticator.authenticate(request, response,
                                 username, password);
 
+    if ( logger.isTraceEnabled() ){
+      logger.trace("authentication ends with {}", ar);
+    }
+    
     if ((ar != null) && (ar.getState() == AuthenticationState.SUCCESS))
     {
       authenticate(request, password, ar);
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java b/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
index fcdb2a4d06..2f51ef6cfe 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
@@ -130,6 +130,12 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
 
     if (ar == null)
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("no authentication result for user {} found in cache",
+                     username);
+      }
+
       ar = doAuthentication(request, response, username, password);
 
       if ((ar != null) && ar.isCacheable())
@@ -157,6 +163,11 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
   {
     for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("close authenticator {}", authenticator.getClass());
+      }
+
       IOUtil.close(authenticator);
     }
   }
@@ -172,6 +183,11 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
   {
     for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("initialize authenticator {}", authenticator.getClass());
+      }
+
       authenticator.init(context);
     }
 
@@ -200,8 +216,19 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
   {
     AuthenticationResult ar = null;
 
+    if (logger.isTraceEnabled())
+    {
+      logger.trace("start authentication chain for user {}", username);
+    }
+
     for (AuthenticationHandler authenticator : authenticationHandlerSet)
     {
+      if (logger.isTraceEnabled())
+      {
+        logger.trace("check authenticator {} for user {}",
+                     authenticator.getClass(), username);
+      }
+
       try
       {
         AuthenticationResult result = authenticator.authenticate(request,