Changing logging type to give warning for basic auth with no creds (#…

…2347) (#2364) Signed-off-by: Abhi Kalra <[email protected]> (cherry picked from commit a0a71da) Co-authored-by: Abhi Kalra <[email protected]> Co-authored-by: Craig Perkins <[email protected]>
opensearch-project · Dec 22, 2022 · dff0c1d · dff0c1d
1 parent 9099402
commit dff0c1d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -267,7 +267,7 @@ public boolean authenticate(final RestRequest request, final RestChannel channel
 
                 if(authDomain.isChallenge() && httpAuthenticator.reRequestAuthentication(channel, null)) {
                     auditLog.logFailedLogin("<NONE>", false, null, request);
-                    log.trace("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
+                    log.warn("No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
                     return false;
                 } else {
                     //no reRequest possible