|
|
|
We tried to enter some restricted resources via API using web browser in private mode (Opera/Chrome) and the "Access denied" entry was added immediately to the log at the same moment when user login prompt window shows.
It is highly possible that browser at first tries to login as anonymous and after fail it asks user about credentials. It explains why trying to reproduce this issue using curl is not possible, but we can't ask people to not use browser while accessing API. Thanks for the info. Yes, browser will try to login anonymously first. It is reasonable to log access denied as DEBUG message instead of ERROR. Will make it into next patch release.
|
Can you explain more about this? I tested with curl, and error is only logged when user does not have permission to access a resource. If access with appropriate user name/password, resource will be returned and no error is logged.