[
http://jira.codehaus.org/browse/MRM-1244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224461#action_224461
]
Wendy Smoak commented on MRM-1244:
----------------------------------
This is still a problem. I'm seeing this message repeatedly, and I still can't
tell what is being requested by who.
(I vaguely remember hearing that Maven first requests the artifact without
credentials, then re-sends the request with them if it fails. So perhaps most
of this is just the first request for things in password protected repos.)
If this is going to get logged at INFO then perhaps "Authorization Granted"
should be also?
Should this go in the audit log instead?
> Improve Authorization Denied log message
> ----------------------------------------
>
> Key: MRM-1244
> URL: http://jira.codehaus.org/browse/MRM-1244
> Project: Archiva
> Issue Type: Improvement
> Affects Versions: 1.2.2
> Reporter: Wendy Smoak
> Fix For: 1.4
>
>
> I see this in archiva.log
> 2009-09-02 08:05:42,086 [btpool0-0] INFO
> org.apache.maven.archiva.security.ArchivaServletAuthenticator -
> Authorization Denied
> [ip=127.0.0.1,permission=archiva-read-repository,repo=internal] : no matching
> permissions
> Can this message be improved to include
> 1. the file being accessed
> 2. the username that tried to access it
> ?
> Sometimes you can correlate times with the Jetty access log and figure it
> out. (In my environment it's usually the guest user missing a repo observer
> role.)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
