You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2019/01/02 08:44:29 UTC
lucene-solr:master: SOLR-12514: Rule-base Authorization plugin skips
authorization if querying node does not have collection replica
Repository: lucene-solr
Updated Branches:
refs/heads/master 7c7036581 -> 619b38a19
SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/619b38a1
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/619b38a1
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/619b38a1
Branch: refs/heads/master
Commit: 619b38a19bbfb32e6b99df04060b15b249aaab7a
Parents: 7c70365
Author: Noble Paul <no...@apache.org>
Authored: Wed Jan 2 19:44:03 2019 +1100
Committer: Noble Paul <no...@apache.org>
Committed: Wed Jan 2 19:44:03 2019 +1100
----------------------------------------------------------------------
solr/CHANGES.txt | 2 ++
.../java/org/apache/solr/servlet/HttpSolrCall.java | 1 +
.../cloud/TestSolrCloudWithSecureImpersonation.java | 1 +
.../solr/security/BasicAuthIntegrationTest.java | 15 ++++++++++++++-
4 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 0690864..d165e63 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -198,6 +198,8 @@ Bug Fixes
scheduled triggers not be used for very frequent operations to avoid this problem.
(ab, shalin)
+* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble)
+
Improvements
----------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
index bb4432c..b833244 100644
--- a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
+++ b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
@@ -496,6 +496,7 @@ public class HttpSolrCall {
handleAdminRequest();
return RETURN;
case REMOTEQUERY:
+ SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, new SolrQueryResponse()));
remoteQuery(coreUrl + path, resp);
return RETURN;
case PROCESS:
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
index a149b33..1f73799 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
@@ -312,6 +312,7 @@ public class TestSolrCloudWithSecureImpersonation extends SolrTestCaseJ4 {
}
@Test
+ @AwaitsFix(bugUrl = "https://issues.apache.org/jira/browse/SOLR-13098")
public void testForwarding() throws Exception {
String collectionName = "forwardingCollection";
miniCluster.uploadConfigSet(TEST_PATH().resolve("collection1/conf"), "conf1");
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 6854469..0db2a0d 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -100,7 +100,7 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
@Test
//commented 9-Aug-2018 @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // 21-May-2018
- @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
+// @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
public void testBasicAuth() throws Exception {
boolean isUseV2Api = random().nextBoolean();
String authcPrefix = "/admin/authentication";
@@ -239,6 +239,19 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
del.setCommitWithin(10);
del.process(cluster.getSolrClient(), COLLECTION);
+ //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
+ //Make a request to that jetty and it should fail
+ JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
+ try {
+ del = new UpdateRequest().deleteByQuery("*:*");
+ del.process(aNewJetty.newClient(), COLLECTION);
+ fail("This should not have succeeded without credentials");
+ } catch (HttpSolrClient.RemoteSolrException e) {
+ assertTrue(e.getMessage().contains("Unauthorized request"));
+ } finally {
+ cluster.stopJettySolrRunner(aNewJetty);
+ }
+
addDocument("harry","HarryIsUberCool","id", "4");
executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");