You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by md...@apache.org on 2021/04/09 15:20:04 UTC
[solr] branch main updated: SOLR-15317 Handle spaces in principal
names (#64)
This is an automated email from the ASF dual-hosted git repository.
mdrob pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new 7ac95ab SOLR-15317 Handle spaces in principal names (#64)
7ac95ab is described below
commit 7ac95abaa4d8500ea531f8033884a9262518800b
Author: Mike Drob <md...@apache.org>
AuthorDate: Fri Apr 9 10:19:57 2021 -0500
SOLR-15317 Handle spaces in principal names (#64)
---
solr/CHANGES.txt | 2 ++
.../org/apache/solr/security/PKIAuthenticationPlugin.java | 8 ++++----
.../apache/solr/security/TestPKIAuthenticationPlugin.java | 14 ++++++++------
3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 2791f1f..f83b9fd 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -258,6 +258,8 @@ Bug Fixes
* SOLR-15233: Set doAs param in ConfigurableInternodeAuthHadoopPlugin (Geza Nagy, Jason Gerlowski, Mike Drob)
+* SOLR-15317: Correctly handle user principals with whitespace in PKIAuthPlugin (Dominik Dresel, Mike Drob)
+
================== 8.9.0 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
diff --git a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
index bdf298f..a07be13 100644
--- a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
@@ -167,15 +167,15 @@ public class PKIAuthenticationPlugin extends AuthenticationPlugin implements Htt
return null;
}
String s = new String(bytes, UTF_8).trim();
- String[] ss = s.split(" ");
- if (ss.length < 2) {
+ int splitPoint = s.lastIndexOf(' ');
+ if (splitPoint == -1) {
log.warn("Invalid cipher {} deciphered data {}", cipher, s);
return null;
}
PKIHeaderData headerData = new PKIHeaderData();
try {
- headerData.timestamp = Long.parseLong(ss[1]);
- headerData.userName = ss[0];
+ headerData.timestamp = Long.parseLong(s.substring(splitPoint + 1));
+ headerData.userName = s.substring(0, splitPoint);
log.debug("Successfully decrypted header {} {}", headerData.userName, headerData.timestamp);
return headerData;
} catch (NumberFormatException e) {
diff --git a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
index 9cb9bb1..76498e4 100644
--- a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
+++ b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
@@ -67,6 +67,10 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
}
}
+ final AtomicReference<Header> header = new AtomicReference<>();
+ final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
+ final FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
+
public void test() throws Exception {
assumeWorkingMockito();
@@ -83,22 +87,20 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
PublicKey correctKey = CryptoKeys.deserializeX509PublicKey(mock.getPublicKey());
mock.remoteKeys.put(nodeName, correctKey);
- principal.set(new BasicUserPrincipal("solr"));
+ String username = "solr user"; // with spaces
+ principal.set(new BasicUserPrincipal(username));
mock.solrRequestInfo = new SolrRequestInfo(localSolrQueryRequest, new SolrQueryResponse());
BasicHttpRequest request = new BasicHttpRequest("GET", "http://localhost:56565");
mock.setHeader(request);
- final AtomicReference<Header> header = new AtomicReference<>();
header.set(request.getFirstHeader(PKIAuthenticationPlugin.HEADER));
assertNotNull(header.get());
assertTrue(header.get().getValue().startsWith(nodeName));
- final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
HttpServletRequest mockReq = createMockRequest(header);
- FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
mock.authenticate(mockReq, null, filterChain);
- assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
assertNotNull(wrappedRequestByFilter.get());
- assertEquals("solr", ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
+ assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
+ assertEquals(username, ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
//test 2
principal.set(null); // no user