[java] Logging unauthorized requests when auth info is present

diemol · diemol · commit 49fa97d24add · 2022-04-21T08:57:05.000+02:00
We were logging all attempts, which adds noise to the default logging and is misleading when someone enables it and sees the logs. Fixes SeleniumHQ/docker-selenium#1551
diff --git a/java/src/org/openqa/selenium/grid/security/BasicAuthenticationFilter.java b/java/src/org/openqa/selenium/grid/security/BasicAuthenticationFilter.java
@@ -17,7 +17,6 @@
 
 package org.openqa.selenium.grid.security;
 
-import org.openqa.selenium.internal.Debug;
 import org.openqa.selenium.internal.Require;
 import org.openqa.selenium.remote.http.Filter;
 import org.openqa.selenium.remote.http.HttpHandler;
@@ -43,8 +42,11 @@ public HttpHandler apply(HttpHandler next) {
     return req -> {
       Require.nonNull("Request", req);
 
-      if (!isAuthorized(req.getHeader("Authorization"))) {
-        LOG.log(Debug.getDebugLogLevel(), "Unauthorized request to " + req);
+      String auth = req.getHeader("Authorization");
+      if (!isAuthorized(auth)) {
+        if (auth != null) {
+          LOG.info("Unauthorized request to " + req);
+        }
         return new HttpResponse()
           .setStatus(HttpURLConnection.HTTP_UNAUTHORIZED)
           .addHeader("WWW-Authenticate", "Basic realm=\"selenium-server\"");
