I am currently working on remotely debugging how the security policy is applied to a deployment, it would be a lot easier if we had some TRACE level messages confirming the mapping that did or did not occur.

One place that could be useful is in the apply method of the ApplicationSecurityDomainService:

https://github.com/wildfly/wildfly/blob/main/undertow/src/main/java/org/wildfly/extension/undertow/ApplicationSecurityDomainDefinition.java#L463-L488

As a minimum it would be useful to identify which application-security-domain resource a deployment has been mapped to but other information about the mapping may be useful.

A second area that would be useful is in the UndertowDeploymentProcessor where we have block of code deciding how to apply the security policy:

https://github.com/wildfly/wildfly/blob/main/undertow/src/main/java/org/wildfly/extension/undertow/deployment/UndertowDeploymentProcessor.java#L305-L319

Capturing some of this decision and logging to TRACE would help understand what was applied.