You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2009/03/09 08:06:13 UTC
[jira] Created: (MRM-1114) Archiva misleadingly logs an
authorization error when deploying during the initial challenge stage
Archiva misleadingly logs an authorization error when deploying during the initial challenge stage
--------------------------------------------------------------------------------------------------
Key: MRM-1114
URL: http://jira.codehaus.org/browse/MRM-1114
Project: Archiva
Issue Type: Bug
Components: Users/Security, WebDAV interface
Affects Versions: 1.2-M1
Reporter: Brett Porter
In ArchivaServletAuthenticator:
{code}
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
",permission=" + permission + ",repo=" + repositoryId + "] : " +
authzResult.getException().getMessage() );
{code}
However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.
It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-1114) Archiva misleadingly logs an
authorization error when deploying during the initial challenge stage
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MRM-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated MRM-1114:
------------------------------
Fix Version/s: (was: Backlog)
1.4
> Archiva misleadingly logs an authorization error when deploying during the initial challenge stage
> --------------------------------------------------------------------------------------------------
>
> Key: MRM-1114
> URL: https://jira.codehaus.org/browse/MRM-1114
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security, WebDAV Interface
> Affects Versions: 1.2-M1
> Reporter: Brett Porter
> Fix For: 1.4
>
>
> In ArchivaServletAuthenticator:
> {code}
> log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
> ",permission=" + permission + ",repo=" + repositoryId + "] : " +
> authzResult.getException().getMessage() );
> {code}
> However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.
> It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MRM-1114) Archiva misleadingly logs an
authorization error when deploying during the initial challenge stage
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MRM-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter closed MRM-1114.
-----------------------------
Resolution: Duplicate
Fix Version/s: (was: 1.4)
> Archiva misleadingly logs an authorization error when deploying during the initial challenge stage
> --------------------------------------------------------------------------------------------------
>
> Key: MRM-1114
> URL: https://jira.codehaus.org/browse/MRM-1114
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security, WebDAV Interface
> Affects Versions: 1.2-M1
> Reporter: Brett Porter
>
> In ArchivaServletAuthenticator:
> {code}
> log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
> ",permission=" + permission + ",repo=" + repositoryId + "] : " +
> authzResult.getException().getMessage() );
> {code}
> However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.
> It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-1114) Archiva misleadingly logs an
authorization error when deploying during the initial challenge stage
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated MRM-1114:
------------------------------
Fix Version/s: 1.x
> Archiva misleadingly logs an authorization error when deploying during the initial challenge stage
> --------------------------------------------------------------------------------------------------
>
> Key: MRM-1114
> URL: http://jira.codehaus.org/browse/MRM-1114
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security, WebDAV interface
> Affects Versions: 1.2-M1
> Reporter: Brett Porter
> Fix For: 1.x
>
>
> In ArchivaServletAuthenticator:
> {code}
> log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
> ",permission=" + permission + ",repo=" + repositoryId + "] : " +
> authzResult.getException().getMessage() );
> {code}
> However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.
> It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira