Skip to content

Demote log level on trivial 401 intercept #1260

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 9, 2016
Merged

Demote log level on trivial 401 intercept #1260

merged 1 commit into from
Oct 9, 2016

Conversation

roberth-k
Copy link
Contributor

The Unauthorized401Interceptor calls the noisy LOGGER.info() where trivial 401 responses are involved, i.e. no cause for the interceptor to kick in.

Demotes that particular log message to debug, keeping the remaining messages at info to retain diagnostic value.

@slandelle
Copy link
Contributor

noisy LOGGER.info()

This is a mere opinion.
Some people could say that experiencing a 401 with no Realm configured is a misusage and should be logged in error.
Please elaborate with proper arguments.

@roberth-k
Copy link
Contributor Author

  • The Realm supports only a subset of possible authentication protocols.
  • In these unsupported cases the appropriate credentials would be passed through direct manipulation of the request.
  • This particular log line applies whenever the RequestBuilder (or client) has not been intentionally configured with a Realm. Intentional cases remain unaffected in terms of diagnostic output.
  • For example, Realm does not cover the widely used OAuth2 Bearer Token. If the credentials in use have been revoked, the server is instructed to respond 401, which is not a challenge response.

@slandelle
Copy link
Contributor

If I get it right, you mostly complain on this log using info level because you implement quite standard auth schemes on your own that are not currently supported out of the box. If that's the case, why not contribute them instead?

@roberth-k
Copy link
Contributor Author

[...] you implement quite standard auth schemes [...] If that's the case, why not contribute them instead?

More auth protocols[1] will exist than the Realm can reasonably support.

Even in cases where the Realm does happen to support a particular protocol, the request-building code might choose to implement the protocol manually; for example, to work around some intricacies of the target service[2], or simply to ensure complete control over the content.

[1] Or variations thereof: for example, OAuth2 services often consume a query string parameter rather than header.
[2] Specs are often loosely interpreted; for example, a service might omit an implicit "Bearer" portion.

@slandelle
Copy link
Contributor

@milliburn Could you also please address ProxyUnauthorized407Interceptor?

@slandelle slandelle force-pushed the master branch 3 times, most recently from f0b7cde to b398e21 Compare October 5, 2016 13:38
Demote log level on trivial 401 intercept
f9ab4c2 
Do not log info if proxy realm not configured
@roberth-k roberth-k force-pushed the noisy-401-interceptor branch from 46834fe to f9ab4c2 Compare October 8, 2016 21:38
@roberth-k
Copy link
Contributor Author

Pushed and squashed.

@slandelle slandelle merged commit 272e618 into AsyncHttpClient:master Oct 9, 2016
@slandelle slandelle added this to the 2.0.17 milestone Oct 9, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Enhancement
Projects
None yet
Milestone
2.0.17
Development

Successfully merging this pull request may close these issues.
2 participants
@roberth-k @slandelle