https://bz.apache.org/bugzilla/show_bug.cgi?id=62136
--- Comment #1 from Eric Covener <[email protected]> --- the logging may be misleading in this configuration, but the behavior is working as designed. "satisfy any" means that only one of access control and authentication/ authorization need to permit the user. You didn't configure any restrictions on the latter, so the request is accepted. When the former is failing access control, it doesn't know if/how the result will be rolled up. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
