Archiva misleadingly logs an authorization error when deploying during the initial challenge stage

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Duplicate
  • Affects Version/s: 1.2-M1
  • Fix Version/s: None
  • Component/s: Users/Security, WebDAV Interface
  • Labels:
    None

Description

In ArchivaServletAuthenticator:

log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
  ",permission=" + permission + ",repo=" + repositoryId + "] : " +
  authzResult.getException().getMessage() );

However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.

It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.

Issue Links

duplicates

Bug - A problem which impairs or prevents the functions of the product. MRM-897 confusing handling of browser-based webdav access for security

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Open - The issue is open and ready for the assignee to start work on it.
is duplicated by

Improvement - An improvement or enhancement to an existing feature or task. MRM-1244 Improve Authorization Denied log message

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

There are no comments yet on this issue.

People

  • Assignee:
    Unassigned
    Reporter:
    Brett Porter
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: