Posted to commits@solr.apache.org by md...@apache.org on 2021/04/09 15:20:04 UTC

[solr] branch main updated: SOLR-15317 Handle spaces in principal names (#64)

This is an automated email from the ASF dual-hosted git repository.

mdrob pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/main by this push:
     new 7ac95ab  SOLR-15317 Handle spaces in principal names (#64)
7ac95ab is described below

commit 7ac95abaa4d8500ea531f8033884a9262518800b
Author: Mike Drob <md...@apache.org>
AuthorDate: Fri Apr 9 10:19:57 2021 -0500

    SOLR-15317 Handle spaces in principal names (#64)
---
 solr/CHANGES.txt                                           |  2 ++
 .../org/apache/solr/security/PKIAuthenticationPlugin.java  |  8 ++++----
 .../apache/solr/security/TestPKIAuthenticationPlugin.java  | 14 ++++++++------
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 2791f1f..f83b9fd 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -258,6 +258,8 @@ Bug Fixes
 
 * SOLR-15233: Set doAs param in ConfigurableInternodeAuthHadoopPlugin (Geza Nagy, Jason Gerlowski, Mike Drob)
 
+* SOLR-15317: Correctly handle user principals with whitespace in PKIAuthPlugin (Dominik Dresel, Mike Drob)
+
 ==================  8.9.0 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
diff --git a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
index bdf298f..a07be13 100644
--- a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
@@ -167,15 +167,15 @@ public class PKIAuthenticationPlugin extends AuthenticationPlugin implements Htt
       return null;
     }
     String s = new String(bytes, UTF_8).trim();
-    String[] ss = s.split(" ");
-    if (ss.length < 2) {
+    int splitPoint = s.lastIndexOf(' ');
+    if (splitPoint == -1) {
       log.warn("Invalid cipher {} deciphered data {}", cipher, s);
       return null;
     }
     PKIHeaderData headerData = new PKIHeaderData();
     try {
-      headerData.timestamp = Long.parseLong(ss[1]);
-      headerData.userName = ss[0];
+      headerData.timestamp = Long.parseLong(s.substring(splitPoint + 1));
+      headerData.userName = s.substring(0, splitPoint);
       log.debug("Successfully decrypted header {} {}", headerData.userName, headerData.timestamp);
       return headerData;
     } catch (NumberFormatException e) {
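Review bot: The `trim()` on the context line above the new `lastIndexOf(' ')` still strips leading whitespace from the decrypted payload. Now that interior spaces are kept in `headerData.userName`, a principal whose name begins with whitespace would be decoded as a different name than the one the sending node signed. The sender's format is not visible in this hunk, but if it writes `<name> <timestamp>`, trimming only the trailing side or rejecting such names would keep the authenticated identity exact. A short comment above the split would also help, for example `// payload is "<principal> <timestamp>"; the principal may contain spaces, so split on the last one`. The enclosing method starts and ends outside this hunk.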
diff --git a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
index 9cb9bb1..76498e4 100644
--- a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
+++ b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
@@ -67,6 +67,10 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
     }
   }
 
+  final AtomicReference<Header> header = new AtomicReference<>();
+  final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
+  final FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
+
   public void test() throws Exception {
     assumeWorkingMockito();
     
@@ -83,22 +87,20 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
     PublicKey correctKey = CryptoKeys.deserializeX509PublicKey(mock.getPublicKey());
     mock.remoteKeys.put(nodeName, correctKey);
 
-    principal.set(new BasicUserPrincipal("solr"));
+    String username = "solr user"; // with spaces
+    principal.set(new BasicUserPrincipal(username));
     mock.solrRequestInfo = new SolrRequestInfo(localSolrQueryRequest, new SolrQueryResponse());
     BasicHttpRequest request = new BasicHttpRequest("GET", "http://localhost:56565");
     mock.setHeader(request);
-    final AtomicReference<Header> header = new AtomicReference<>();
     header.set(request.getFirstHeader(PKIAuthenticationPlugin.HEADER));
     assertNotNull(header.get());
     assertTrue(header.get().getValue().startsWith(nodeName));
-    final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
     HttpServletRequest mockReq = createMockRequest(header);
-    FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
     mock.authenticate(mockReq, null, filterChain);
 
-    assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
     assertNotNull(wrappedRequestByFilter.get());
-    assertEquals("solr", ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
+    assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
+    assertEquals(username, ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
 
     //test 2
     principal.set(null); // no user
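Review bot: The updated test exercises only one interior space (`"solr user"`), so the edges of the new last-space split are not pinned down. Principals with several consecutive spaces, with leading or trailing whitespace, or ending in digits after a space (a constructed example: `"solr user 42"`) would show whether the name that comes out of the header is exactly the one that went in. A case where the text after the last space is not a number would also cover the `NumberFormatException` path in the plugin. The `test()` method continues past the end of this hunk.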