I create an audit provider which can capture any authentication errors and store them in the MBean as a map (id=errorcode). So inside the app, you can easily get the errors by accessing the MBean. It works also in cluster env.
The error msg is removed right after it's retrieved.
Any comments are welcome.