Posted to issues@lucene.apache.org by "Christine Poerschke (Jira)" <ji...@apache.org> on 2021/01/08 18:12:00 UTC

[jira] [Commented] (SOLR-15073) Unsafe cast in SystemInfoHandler

    [ https://issues.apache.org/jira/browse/SOLR-15073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17261501#comment-17261501 ] 

Christine Poerschke commented on SOLR-15073:
--------------------------------------------

Hello [~nyivan]. Is [https://github.com/apache/lucene-solr/blob/releases/lucene-solr/8.7.0/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java#L344-L348] the code area you are referring to? If it is then observationally
{code:java}
- if (auth != null) {
+ if (auth instanceof RuleBasedAuthorizationPluginBase) {
        RuleBasedAuthorizationPluginBase rbap = (RuleBasedAuthorizationPluginBase) auth;
        Set<String> roles = rbap.getUserRoles(req.getUserPrincipal());
        info.add("roles", roles);
  }
{code}
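Review bot: with the {{instanceof}} guard on the {{+}} line, a non-null {{auth}} that is not a {{RuleBasedAuthorizationPluginBase}} now skips the block silently, so {{info}} gets no "roles" entry at all and a consumer cannot tell "this plugin exposes no roles" apart from "no authorization plugin is configured". Suggest an explicit else branch that adds an empty set under "roles", plus a test that runs this path with a plugin implementing the authorization interface directly. Separately, on the {{getUserRoles}} line the result of {{req.getUserPrincipal()}} is passed through unchecked; it is worth confirming that it cannot be null for an unauthenticated request.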
might provide a solution. Possibly with an else branch to set {{roles}} to null or empty set, if (say) the security info in the Solr Admin UI added in SOLR-14237 needs it. What do you think?

> Unsafe cast in SystemInfoHandler
> --------------------------------
>
>                 Key: SOLR-15073
>                 URL: https://issues.apache.org/jira/browse/SOLR-15073
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Nikolay Ivanov
>            Priority: Major
>
> I have observed an unsafe cast in
> SystemInfoHandler::getSecurityInfo
> Is this by design? Currently I have a custom AuthorizationPlugin that directly implements AuthorizationPlugin interface. With the latest solr version it is not permitted anymore. A workaround is to extend the RuleBasedAuthorizationPluginBase, which is not ideal imo. Please share your thoughts


