Changing logging type to give warning for basic auth with no creds

Signed-off-by: Abhi Kalra <[email protected]>
opensearch-project · Dec 14, 2022 · 54c8e92 · 54c8e92
1 parent aad9379
commit 54c8e92
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -267,7 +267,7 @@ public boolean authenticate(final RestRequest request, final RestChannel channel
 
                 if(authDomain.isChallenge() && httpAuthenticator.reRequestAuthentication(channel, null)) {
                     auditLog.logFailedLogin("<NONE>", false, null, request);
-                    log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
+                    log.warn("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
                     return false;
                 } else {
                     //no reRequest possible