diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-05-08 10:34:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-08 10:34:46 +0200 |
commit | d7911658858efddf1478018968525d4cc4fa8d6e (patch) | |
tree | 658d088c285734da61b78642f21322fb8a70b049 | |
parent | b4b4c1ecf20f30bd8702657e8377a6d09b92a880 (diff) | |
parent | f4e16261dcecd6b750ed9c82e97a3e740737998b (diff) |
Merge pull request #5810 from vespa-engine/bjorncs/improve-logging
Improve logging where authorization fails
2 files changed, 3 insertions, 3 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java index 09e002b580d..7a782f9de22 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java @@ -67,7 +67,7 @@ public class AuthorizationFilter implements SecurityRequestFilter { if (hostIdentity == null) return Optional.of(ErrorResponse.internalServerError(createErrorMessage(request, "Principal is missing. NodeIdentifierFilter has not been applied."))); if (!authorizer.test(hostIdentity, request.getUri())) - return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials"))); + return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials: " + hostIdentity.toString()))); request.setUserPrincipal(hostIdentity); return Optional.empty(); } catch (NodeIdentifier.NodeIdentifierException e) { diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java index c91aef36b5d..b5d2861e5a0 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java @@ -35,11 +35,11 @@ public class AuthorizationFilterTest { tester.assertRequest(new Request(Method.GET, "/").commonName("foo"), 403, "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET / " + - "denied for remote-addr: Invalid credentials\"}"); + "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='foo', hostname='foo', type=LEGACY}\"}"); tester.assertRequest(new Request(Method.GET, "/nodes/v2/node/foo").commonName("bar"), 403, "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET /nodes/v2/node/foo " + - "denied for remote-addr: Invalid credentials\"}"); + "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='bar', hostname='bar', type=LEGACY}\"}"); tester.assertSuccess(new Request(Method.GET, "/nodes/v2/node/foo").commonName("foo")); } |