=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/SpringSecurityActionAccessResolver.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/SpringSecurityActionAccessResolver.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/SpringSecurityActionAccessResolver.java	2014-06-16 11:40:29 +0000
@@ -52,7 +52,7 @@
 public class SpringSecurityActionAccessResolver
     implements ActionAccessResolver
 {
-    private static final Log LOG = LogFactory.getLog( SpringSecurityActionAccessResolver.class );
+    private static final Log log = LogFactory.getLog( SpringSecurityActionAccessResolver.class );
 
     // -------------------------------------------------------------------------
     // Dependencies
@@ -122,19 +122,19 @@
                     .getAttributes( actionConfig ) );
             }
 
-            LOG.debug( "Access to [" + module + ", " + name + "]: TRUE" );
+            log.debug( "Access to [" + module + ", " + name + "]: TRUE" );
 
             return true;
         }
         catch ( AccessDeniedException e )
         {
-            LOG.debug( "Access to [" + module + ", " + name + "]: FALSE (access denied)" );
+            log.debug( "Access to [" + module + ", " + name + "]: FALSE (access denied)" );
 
             return false;
         }
         catch ( InsufficientAuthenticationException e )
         {
-            LOG.debug( "Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)" );
+            log.debug( "Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)" );
 
             return false;
         }

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/DefaultModuleManager.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/DefaultModuleManager.java	2014-06-02 13:32:03 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/DefaultModuleManager.java	2014-06-16 11:40:29 +0000
@@ -245,16 +245,24 @@
     
     private List<Module> getAccessibleModules( List<Module> modules )
     {
-        List<Module> list = new ArrayList<Module>();
+        List<Module> allowed = new ArrayList<Module>();
         
         for ( Module module : modules )
         {
             if ( module != null && actionAccessResolver.hasAccess( module.getName(), defaultActionName ) )
             {
-                list.add( module );
+                allowed.add( module );
             }
         }
         
-        return list;
+        if ( modules.size() > allowed.size() )
+        {
+            List<Module> denied = new ArrayList<Module>( modules );
+            denied.removeAll( allowed );
+            
+            log.info( "User denied access to modules: " + denied ); //TODO reduce log level
+        }
+        
+        return allowed;
     }
 }

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/Module.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/Module.java	2014-06-03 07:08:08 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/webportal/module/Module.java	2014-06-16 11:40:29 +0000
@@ -183,7 +183,7 @@
             return false;
         }
         
-        if ( getClass() != object.getClass() )
+        if ( !getClass().isAssignableFrom( object.getClass() ) )
         {
             return false;
         }