Uploaded image for project: 'Archiva'
  1. Archiva
  2. MRM-1114

Archiva misleadingly logs an authorization error when deploying during the initial challenge stage

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 1.2-M1
    • None
    • Users/Security, WebDAV Interface
    • None

    Description

      In ArchivaServletAuthenticator:

      log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
  ",permission=" + permission + ",repo=" + repositoryId + "] : " +
  authzResult.getException().getMessage() );

      However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.

      It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MRM-897 confusing handling of browser-based webdav access for security

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. MRM-1244 Improve Authorization Denied log message

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              brett Brett Porter
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: