From ebd1d539d0b0a5570418c14b54387142828681e2 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Thu, 22 Dec 2022 09:05:51 -0500 Subject: [PATCH] Changing logging type to give warning for basic auth with no creds (#2347) (#2364) Signed-off-by: Abhi Kalra (cherry picked from commit a0a71da6995941baed1ec7c6bf83226591ba9b90) Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Craig Perkins --- src/main/java/org/opensearch/security/auth/BackendRegistry.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java index 42dc9ede07..79c63bca33 100644 --- a/src/main/java/org/opensearch/security/auth/BackendRegistry.java +++ b/src/main/java/org/opensearch/security/auth/BackendRegistry.java @@ -267,7 +267,7 @@ public boolean authenticate(final RestRequest request, final RestChannel channel if(authDomain.isChallenge() && httpAuthenticator.reRequestAuthentication(channel, null)) { auditLog.logFailedLogin("", false, null, request); - log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'"); + log.warn("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'"); return false; } else { //no reRequest possible