diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 20:22:00 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 20:22:00 +0200 |
commit | f4e16261dcecd6b750ed9c82e97a3e740737998b (patch) | |
tree | 5f11d9531c7448a8941bc2de1c8acf69e298eea9 /node-repository | |
parent | da574277c6c821dcc0e5fd6b2dbdd076d22cf843 (diff) |
Improve logging where authorization fails
Diffstat (limited to 'node-repository')
2 files changed, 3 insertions, 3 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java index 09e002b580d..7a782f9de22 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java @@ -67,7 +67,7 @@ public class AuthorizationFilter implements SecurityRequestFilter { if (hostIdentity == null) return Optional.of(ErrorResponse.internalServerError(createErrorMessage(request, "Principal is missing. NodeIdentifierFilter has not been applied."))); if (!authorizer.test(hostIdentity, request.getUri())) - return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials"))); + return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials: " + hostIdentity.toString()))); request.setUserPrincipal(hostIdentity); return Optional.empty(); } catch (NodeIdentifier.NodeIdentifierException e) { diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java index c91aef36b5d..b5d2861e5a0 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java @@ -35,11 +35,11 @@ public class AuthorizationFilterTest { tester.assertRequest(new Request(Method.GET, "/").commonName("foo"), 403, "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET / " + - "denied for remote-addr: Invalid credentials\"}"); + "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='foo', hostname='foo', type=LEGACY}\"}"); tester.assertRequest(new Request(Method.GET, "/nodes/v2/node/foo").commonName("bar"), 403, "{\"error-code\":\"FORBIDDEN\",\"message\":\"GET /nodes/v2/node/foo " + - "denied for remote-addr: Invalid credentials\"}"); + "denied for remote-addr: Invalid credentials: NodePrincipal{identityName='bar', hostname='bar', type=LEGACY}\"}"); tester.assertSuccess(new Request(Method.GET, "/nodes/v2/node/foo").commonName("foo")); } |