Key: |
QB-3566
|
Type: |
Improvement
|
Status: |
Resolved
|
Resolution: |
Fixed
|
Priority: |
Major
|
Assignee: |
Unassigned
|
Reporter: |
Jedrzej Buraczewski
|
Votes: |
0
|
Watchers: |
0
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 06/May/20 08:59 AM
Updated: 05/Jun/20 12:16 PM
|
|
Component/s: |
None
|
Affects Version/s: |
10.0.11
|
Fix Version/s: |
10.0.16
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
After adding anonymous group to QB it starts to log following error for every REST call which requires authorization:
ERROR com.pmease.quickbuild.rest.providers.AccessDeniedExceptionMapper - Access denied when accessing restful service.
It wouldn't be as that bad but this event is registered before user have possibility to login.
It makes log file bigger than necessary and it's not descriptive as we still don't know who tried to login and what call was it.
My proposition:
a) move access logs to dedicated file other than quickbuild.log and console.log
b) add IP address and the URL which was tried to reach
c) decrease ERROR log level to INFO
d) optional: think if it possible to don't write info about accessing rest api when user logged successfully immediately
|
Description
|
After adding anonymous group to QB it starts to log following error for every REST call which requires authorization:
ERROR com.pmease.quickbuild.rest.providers.AccessDeniedExceptionMapper - Access denied when accessing restful service.
It wouldn't be as that bad but this event is registered before user have possibility to login.
It makes log file bigger than necessary and it's not descriptive as we still don't know who tried to login and what call was it.
My proposition:
a) move access logs to dedicated file other than quickbuild.log and console.log
b) add IP address and the URL which was tried to reach
c) decrease ERROR log level to INFO
d) optional: think if it possible to don't write info about accessing rest api when user logged successfully immediately |
Show » |
|
Can you explain more about this? I tested with curl, and error is only logged when user does not have permission to access a resource. If access with appropriate user name/password, resource will be returned and no error is logged.