You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2010/06/07 22:21:13 UTC
[jira] Commented: (MRM-1244) Improve Authorization Denied log
message
[ http://jira.codehaus.org/browse/MRM-1244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224461#action_224461 ]
Wendy Smoak commented on MRM-1244:
----------------------------------
This is still a problem. I'm seeing this message repeatedly, and I still can't tell what is being requested by who.
(I vaguely remember hearing that Maven first requests the artifact without credentials, then re-sends the request with them if it fails. So perhaps most of this is just the first request for things in password protected repos.)
If this is going to get logged at INFO then perhaps "Authorization Granted" should be also?
Should this go in the audit log instead?
> Improve Authorization Denied log message
> ----------------------------------------
>
> Key: MRM-1244
> URL: http://jira.codehaus.org/browse/MRM-1244
> Project: Archiva
> Issue Type: Improvement
> Affects Versions: 1.2.2
> Reporter: Wendy Smoak
> Fix For: 1.4
>
>
> I see this in archiva.log
> 2009-09-02 08:05:42,086 [btpool0-0] INFO org.apache.maven.archiva.security.ArchivaServletAuthenticator - Authorization Denied [ip=127.0.0.1,permission=archiva-read-repository,repo=internal] : no matching permissions
> Can this message be improved to include
> 1. the file being accessed
> 2. the username that tried to access it
> ?
> Sometimes you can correlate times with the Jetty access log and figure it out. (In my environment it's usually the guest user missing a repo observer role.)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira