You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2019/01/02 08:44:29 UTC

lucene-solr:master: SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica

Repository: lucene-solr
Updated Branches:
  refs/heads/master 7c7036581 -> 619b38a19


SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/619b38a1
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/619b38a1
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/619b38a1

Branch: refs/heads/master
Commit: 619b38a19bbfb32e6b99df04060b15b249aaab7a
Parents: 7c70365
Author: Noble Paul <no...@apache.org>
Authored: Wed Jan 2 19:44:03 2019 +1100
Committer: Noble Paul <no...@apache.org>
Committed: Wed Jan 2 19:44:03 2019 +1100

----------------------------------------------------------------------
 solr/CHANGES.txt                                     |  2 ++
 .../java/org/apache/solr/servlet/HttpSolrCall.java   |  1 +
 .../cloud/TestSolrCloudWithSecureImpersonation.java  |  1 +
 .../solr/security/BasicAuthIntegrationTest.java      | 15 ++++++++++++++-
 4 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 0690864..d165e63 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -198,6 +198,8 @@ Bug Fixes
   scheduled triggers not be used for very frequent operations to avoid this problem.
   (ab, shalin)
 
+* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble)
+
 Improvements
 ----------------------
 

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
index bb4432c..b833244 100644
--- a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
+++ b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
@@ -496,6 +496,7 @@ public class HttpSolrCall {
           handleAdminRequest();
           return RETURN;
         case REMOTEQUERY:
+          SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq,  new SolrQueryResponse()));
           remoteQuery(coreUrl + path, resp);
           return RETURN;
         case PROCESS:

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
index a149b33..1f73799 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
@@ -312,6 +312,7 @@ public class TestSolrCloudWithSecureImpersonation extends SolrTestCaseJ4 {
   }
 
   @Test
+  @AwaitsFix(bugUrl = "https://issues.apache.org/jira/browse/SOLR-13098")
   public void testForwarding() throws Exception {
     String collectionName = "forwardingCollection";
     miniCluster.uploadConfigSet(TEST_PATH().resolve("collection1/conf"), "conf1");

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/619b38a1/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 6854469..0db2a0d 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -100,7 +100,7 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
 
   @Test
   //commented 9-Aug-2018 @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // 21-May-2018
-  @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
+//  @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
   public void testBasicAuth() throws Exception {
     boolean isUseV2Api = random().nextBoolean();
     String authcPrefix = "/admin/authentication";
@@ -239,6 +239,19 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
       del.setCommitWithin(10);
       del.process(cluster.getSolrClient(), COLLECTION);
 
+      //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
+      //Make a request to that jetty and it should fail
+      JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
+      try {
+        del = new UpdateRequest().deleteByQuery("*:*");
+        del.process(aNewJetty.newClient(), COLLECTION);
+        fail("This should not have succeeded without credentials");
+      } catch (HttpSolrClient.RemoteSolrException e) {
+        assertTrue(e.getMessage().contains("Unauthorized request"));
+      } finally {
+        cluster.stopJettySolrRunner(aNewJetty);
+      }
+
       addDocument("harry","HarryIsUberCool","id", "4");
 
       executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");