Merge pull request #5810 from vespa-engine/bjorncs/improve-logging

Improve logging where authorization fails
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2018-05-08 10:34:46 +0200
committer: GitHub <noreply@github.com> 2018-05-08 10:34:46 +0200
commit: d7911658858efddf1478018968525d4cc4fa8d6e (patch)
tree: 658d088c285734da61b78642f21322fb8a70b049
parent: b4b4c1ecf20f30bd8702657e8377a6d09b92a880 (diff)
parent: f4e16261dcecd6b750ed9c82e97a3e740737998b (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
index 09e002b580d..7a782f9de22 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
@@ -67,7 +67,7 @@ public class AuthorizationFilter implements SecurityRequestFilter {
             if (hostIdentity == null)
                 return Optional.of(ErrorResponse.internalServerError(createErrorMessage(request, "Principal is missing. NodeIdentifierFilter has not been applied.")));
             if (!authorizer.test(hostIdentity, request.getUri()))
-                return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials")));
+                return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials: " + hostIdentity.toString())));
             request.setUserPrincipal(hostIdentity);
             return Optional.empty();
         } catch (NodeIdentifier.NodeIdentifierException e) {
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java
index c91aef36b5d..b5d2861e5a0 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java
@@ -35,11 +35,11 @@ public class AuthorizationFilterTest {
 
         tester.assertRequest(new Request(Method.GET, "/").commonName("foo"), 403,
                              "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET / " +
-                             "denied for remote-addr: Invalid credentials\"}");
+                             "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='foo', hostname='foo', type=LEGACY}\"}");
 
         tester.assertRequest(new Request(Method.GET, "/nodes/v2/node/foo").commonName("bar"),
                               403, "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET /nodes/v2/node/foo " +
-                                   "denied for remote-addr: Invalid credentials\"}");
+                                   "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='bar', hostname='bar', type=LEGACY}\"}");
 
         tester.assertSuccess(new Request(Method.GET, "/nodes/v2/node/foo").commonName("foo"));
     }
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2018-05-08 10:34:46 +0200
committer	GitHub <noreply@github.com>	2018-05-08 10:34:46 +0200
commit	d7911658858efddf1478018968525d4cc4fa8d6e (patch)
tree	658d088c285734da61b78642f21322fb8a70b049
parent	b4b4c1ecf20f30bd8702657e8377a6d09b92a880 (diff)
parent	f4e16261dcecd6b750ed9c82e97a3e740737998b (diff)