Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
1.2-M1
-
None
-
None
Description
In ArchivaServletAuthenticator:
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest + ",permission=" + permission + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
However, when deploying the client will send a request with no credentials first before receiving the challenge, and this is logged in the middle, which causes some confusion.
It should be removed altogether and possibly logged (maybe in a different audit location), but at a later stage where it is finally rejected.