You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "senthh (via GitHub)" <gi...@apache.org> on 2023/05/28 04:06:33 UTC
[GitHub] [solr] senthh opened a new pull request, #1669: SOLR-16826: Validate if authentication plugin class name are valid
senthh opened a new pull request, #1669:
URL: https://github.com/apache/solr/pull/1669
https://issues.apache.org/jira/browse/SOLR-16826
<!--
_(If you are a project committer then you may remove some/all of the following template.)_
Before creating a pull request, please file an issue in the ASF Jira system for Solr:
* https://issues.apache.org/jira/projects/SOLR
For something minor (i.e. that wouldn't be worth putting in release notes), you can skip JIRA.
To create a Jira issue, you will need to create an account there first.
The title of the PR should reference the Jira issue number in the form:
* SOLR-####: <short description of problem or changes>
SOLR must be fully capitalized. A short description helps people scanning pull requests for items they can work on.
Properly referencing the issue in the title ensures that Jira is correctly updated with code review comments and commits. -->
# Description
Validate if authentication plugin class name are valid authentication class names; and if it is not valid then Solr has to write a WARN log
As per Solr 9 documents following are the valid authentication plugin names
{{
"solr.BasicAuthPlugin", "solr.JWTAuthPlugin", "solr.HadoopAuthPlugin",
"solr.ConfigurableInternodeAuthHadoopPlugin", "solr.CertAuthPlugin", "solr.MultiAuthPlugin",
"solr.KerberosPlugin"
}}
# Solution
Validating authentication plugin class names, if it is not matching with class names mentioned in Documentation then write WARN logs
# Tests
Please describe the tests you've developed or run to confirm this patch implements the feature or solves the problem.
# Checklist
Please review the following and check all that apply:
- [*] I have reviewed the guidelines for [How to Contribute](https://wiki.apache.org/solr/HowToContribute) and my code conforms to the standards described there to the best of my ability.
- [*] I have created a Jira issue and added the issue ID to my pull request title.
- [*] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended)
- [*] I have developed this patch against the `main` branch.
- [*] I have run `./gradlew check`.
- [*] I have added tests for my changes.
- [*] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "janhoy (via GitHub)" <gi...@apache.org>.
janhoy commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1569702974
Closing this, please open a new PR with Upgrade Notes doc changes...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "janhoy (via GitHub)" <gi...@apache.org>.
janhoy commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1568580536
I'm not a fan of this solution. Yet a place of strings to maintain.
What is wrong with the ClassNotFound exception you (probably) already get? Does it not tell you clearly the problem? Then you fix your class name and it works. If we should start adding such lists to all kind of plugins it would be a maintenance nightmare.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] epugh commented on a diff in pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "epugh (via GitHub)" <gi...@apache.org>.
epugh commented on code in PR #1669:
URL: https://github.com/apache/solr/pull/1669#discussion_r1209570539
##########
solr/core/src/java/org/apache/solr/core/CoreContainer.java:
##########
@@ -547,7 +552,12 @@ private synchronized void initializeAuthenticationPlugin(
// Initialize the plugin
if (pluginClassName != null) {
- log.info("Initializing authentication plugin: {}", pluginClassName);
+ if (authPluginList.contains(pluginClassName)) {
+ log.info("Initializing authentication plugin: {}", pluginClassName);
+ } else {
+ log.warn("Wrong Authentication plugin {} configured." +
Review Comment:
I wonder if this needs to be more of a "The plugin X doesn't match any of the default plugins shipped with Solr"... Wouldn't there be a possibility of someone writing their own plugin, so it wouldn't be in the authPluginList?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy closed pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "janhoy (via GitHub)" <gi...@apache.org>.
janhoy closed pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
URL: https://github.com/apache/solr/pull/1669
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on a diff in pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on code in PR #1669:
URL: https://github.com/apache/solr/pull/1669#discussion_r1209726203
##########
solr/core/src/java/org/apache/solr/core/CoreContainer.java:
##########
@@ -547,7 +552,12 @@ private synchronized void initializeAuthenticationPlugin(
// Initialize the plugin
if (pluginClassName != null) {
- log.info("Initializing authentication plugin: {}", pluginClassName);
+ if (authPluginList.contains(pluginClassName)) {
+ log.info("Initializing authentication plugin: {}", pluginClassName);
+ } else {
+ log.warn("Wrong Authentication plugin {} configured." +
Review Comment:
I am aiming this PR just to validate solr's inbuilt Auth plugins and write WARN logs if it is not matching as per Solr 9+ documentation. It will help users to, easily, find what mistake they commited.
So I think changing the WARN messages like "Authentication plugin {} configured is not matching with in-built plugins."
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] HoustonPutman commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1568868246
Oh okay, then both org.apache.solr.security.hadoop.*Plugin and solr.*Plugin works? If it is so I can change in doc
> Oh okay, then both org.apache.solr.security.hadoop.*Plugin and solr.*Plugin works? If it is so I can change in doc
It should work yes. We should just add a line in `solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc` for 9.0, that the hdfs file locations have changed. There's a line about the code moving to a module, but it doesn't mention the classpaths.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on a diff in pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on code in PR #1669:
URL: https://github.com/apache/solr/pull/1669#discussion_r1209726203
##########
solr/core/src/java/org/apache/solr/core/CoreContainer.java:
##########
@@ -547,7 +552,12 @@ private synchronized void initializeAuthenticationPlugin(
// Initialize the plugin
if (pluginClassName != null) {
- log.info("Initializing authentication plugin: {}", pluginClassName);
+ if (authPluginList.contains(pluginClassName)) {
+ log.info("Initializing authentication plugin: {}", pluginClassName);
+ } else {
+ log.warn("Wrong Authentication plugin {} configured." +
Review Comment:
Yes Eric, I am aiming this PR just to validate solr's inbuilt Auth plugins write WARN logs if it is not matching as per Solr 9+ documentation. It will help users to, easily, find what mistake they commited.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1568634452
> I'm not a fan of this solution. Yet a place of strings to maintain.
>
> What is wrong with the ClassNotFound exception you (probably) already get? Does it not tell you clearly the problem? Then you fix your class name and it works. If we should start adding such lists to all kind of plugins it would be a maintenance nightmare.
I accept "ClassNotFound exception" is sufficient to find the issue. But problem arises when we upgrade from Solr 8(or lower) versions to Solr 9. In Solr 8 we have "org.apache.solr.security.*Plugin" as per doc, but in Solr 9 it got modified to use 'solr.*Plugin'.
So we assume that what we configured is correct ,as per old document, if we miss this change, and continue with "org.apache.solr.security.*Plugin" security.json file. But I accept one has to go thro' the new documentation before upgradation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1565958896
@epugh Eric Pugh, could you please review this PR
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] HoustonPutman commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1568816956
The `org.apache.solr.security.*Plugin` still works, but the issue is that the package name changed for the KerberosPlugin from `org.apache.solr.security` (8.x) to `org.apache.solr.security.hadoop` (9.x). This should be included in the upgrade notes, I don't know why it wasn't.
I think that's the path forward, just document the change (and we can backport the upgrade notes change, so that it's included in 9.0, 9.1 and 9.2).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1568856607
> The `org.apache.solr.security.*Plugin` still works, but the issue is that the package name changed for the KerberosPlugin from `org.apache.solr.security` (8.x) to `org.apache.solr.security.hadoop` (9.x). This should be included in the upgrade notes, I don't know why it wasn't.
>
> I think that's the path forward, just document the change (and we can backport the upgrade notes change, so that it's included in 9.0, 9.1 and 9.2).
Oh okay, then both org.apache.solr.security.hadoop.*Plugin and solr.*Plugin works? If it is so I can change in doc
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on PR #1669:
URL: https://github.com/apache/solr/pull/1669#issuecomment-1569532965
> Oh okay, then both org.apache.solr.security.hadoop.*Plugin and solr.*Plugin works? If it is so I can change in doc
>
> > Oh okay, then both org.apache.solr.security.hadoop.*Plugin and solr.*Plugin works? If it is so I can change in doc
>
> It should work yes. We should just add a line in `solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc` for 9.0, that the hdfs file locations have changed. There's a line about the code moving to a module, but it doesn't mention the classpaths.
This is better way to proceed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on a diff in pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on code in PR #1669:
URL: https://github.com/apache/solr/pull/1669#discussion_r1209726203
##########
solr/core/src/java/org/apache/solr/core/CoreContainer.java:
##########
@@ -547,7 +552,12 @@ private synchronized void initializeAuthenticationPlugin(
// Initialize the plugin
if (pluginClassName != null) {
- log.info("Initializing authentication plugin: {}", pluginClassName);
+ if (authPluginList.contains(pluginClassName)) {
+ log.info("Initializing authentication plugin: {}", pluginClassName);
+ } else {
+ log.warn("Wrong Authentication plugin {} configured." +
Review Comment:
Yes Eric, I am aiming this PR just to validate solr's inbuilt Auth plugins and write WARN logs if it is not matching as per Solr 9+ documentation. It will help users to, easily, find what mistake they commited.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] senthh commented on a diff in pull request #1669: SOLR-16826: Validate if authentication plugin class name are valid
Posted by "senthh (via GitHub)" <gi...@apache.org>.
senthh commented on code in PR #1669:
URL: https://github.com/apache/solr/pull/1669#discussion_r1209726203
##########
solr/core/src/java/org/apache/solr/core/CoreContainer.java:
##########
@@ -547,7 +552,12 @@ private synchronized void initializeAuthenticationPlugin(
// Initialize the plugin
if (pluginClassName != null) {
- log.info("Initializing authentication plugin: {}", pluginClassName);
+ if (authPluginList.contains(pluginClassName)) {
+ log.info("Initializing authentication plugin: {}", pluginClassName);
+ } else {
+ log.warn("Wrong Authentication plugin {} configured." +
Review Comment:
I am aiming this PR just to validate solr's inbuilt Auth plugins and write WARN logs if it is not matching as per Solr 9+ documentation. It will help users to, easily, find what mistake they commited.
So I think changing the WARN messages like "Authentication plugin {} configured is not matching with in-built plugins." will be useful to tourubleshoot if user does typo wrong in configuring inbuilt plugins
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org