DSpace / dspace-angular

DSpace User Interface built on Angular.io
https://wiki.lyrasis.org/display/DSDOC8x/
BSD 3-Clause "New" or "Revised" License

401 Unauthorized metadata-export-search request on search page requests #3333

Open paulo-graca opened 1 month ago

paulo-graca commented 1 month ago

Describe the bug

As an anonymous user navigating DSpace, on search pages (I've also found this in the Apache logs), I encounter some metadata-export-search requests that always return 401 Unauthorized codes. This isn't the problem; it is expected to return that result. The problem is why the requests are made in the first place. Shouldn't we use some kind of feature request to validate the access?

To Reproduce

Steps to reproduce the behavior:

  1. I used demo.dspace.org to reproduce the issue (DSpace 8, but also affects DSpace 7.6.1)
  2. I first accessed the first page
  3. Then did a search (without any search keyword)
  4. Listed every request using the browser's DevTools, and there was the 401 Unauthorized

Expected behavior

I was expecting that feature requests could be used instead. Something like:

https://demo.dspace.org/server/api/authz/authorizations/search/object?uri=https://demo.dspace.org/server/api/...&feature=...&embed=feature
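
The check proposed under "Expected behavior" above, sketched as an added example (not dspace-angular code and not part of the original comment): look up the authorization first and send the protected request only when the feature is granted. The feature id, object URI and protected URL are placeholders because the issue elides them, and the HAL response shape (`_embedded.authorizations[]._embedded.feature.id`) is an assumption.

```javascript
// Added example, not dspace-angular code. The feature id and object URI are
// placeholders supplied by the caller: the issue elides both ("feature=...").
const REST_BASE = 'https://demo.dspace.org/server/api';

// Build the authorization lookup URL in the form the issue proposes.
function buildAuthorizationQuery(restBase, objectUri, featureId) {
  const query = [
    ['uri', objectUri],
    ['feature', featureId],
    ['embed', 'feature'],
  ].map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
  return `${restBase}/authz/authorizations/search/object?${query}`;
}

// Assumed response shape: a HAL page whose _embedded.authorizations array is
// empty or absent when the feature is not granted.
function grantsFeature(body, featureId) {
  const list = (body && body._embedded && body._embedded.authorizations) || [];
  return list.some((a) => Boolean(a && a._embedded && a._embedded.feature
    && a._embedded.feature.id === featureId));
}

// Send the protected request only after a positive lookup. fetchJson is an
// injected function (url) => Promise<{status, body}> so this runs offline.
async function requestIfAuthorized(fetchJson, objectUri, featureId, protectedUrl) {
  const lookup = await fetchJson(buildAuthorizationQuery(REST_BASE, objectUri, featureId));
  if (lookup.status !== 200 || !grantsFeature(lookup.body, featureId)) {
    return { sent: false, status: null }; // fail closed: no 401 reaches the server log
  }
  const res = await fetchJson(protectedUrl);
  return { sent: true, status: res.status };
}

// Constructed stub backend: records every URL requested and answers the
// lookup with the given authorizations list.
function makeStubBackend(authorizations) {
  const calls = [];
  const fetchJson = async (url) => {
    calls.push(url);
    if (url.includes('/authz/authorizations/search/object')) {
      return { status: 200, body: { _embedded: { authorizations } } };
    }
    return { status: authorizations.length ? 200 : 401, body: {} };
  };
  return { calls, fetchJson };
}
```

With an empty authorizations list the stub records one call (the lookup) and the protected URL is never requested, which is the behaviour the issue asks for.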

alanorth commented 1 week ago

This is also the cause of the following message in the backend dspace.log:

2024-10-25 14:47:37,679 WARN  fd564310-3d47-4a8e-9b4a-4af6105b9175 f3c1cdd4-00db-4bb8-bac2-9cbb86602209 org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401 exception: Access is denied at: org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73))

Considering that we log this message for every single request to the search page by a non-admin user, it seems that it actually belongs at the INFO or DEBUG log level.