You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/06/21 11:49:00 UTC
[jira] [Commented] (SOLR-12161) CloudSolrClient with basic auth
enabled will update even if no credentials supplied
[ https://issues.apache.org/jira/browse/SOLR-12161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16519257#comment-16519257 ]
Jan Høydahl commented on SOLR-12161:
------------------------------------
Quite involved flow here, good catch [~noble.paul]!
Are you working on a fix for this for 7.5 Noble?
> CloudSolrClient with basic auth enabled will update even if no credentials supplied
> -----------------------------------------------------------------------------------
>
> Key: SOLR-12161
> URL: https://issues.apache.org/jira/browse/SOLR-12161
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 7.3
> Reporter: Erick Erickson
> Assignee: Noble Paul
> Priority: Major
> Attachments: AuthUpdateTest.java, SOLR-12161.patch, tests.patch
>
>
> This is an offshoot of SOLR-9399. When I was writing a test, if I create a cluster with basic authentication set up, I can _still_ add documents to a collection even without credentials being set in the request.
> However, simple queries, commits etc. all fail without credentials set in the request.
> I'll attach a test class that illustrates the problem.
> If I use a new HttpSolrClient instead of a CloudSolrClient, then the update request fails as expected.
> [~noblepaul] do you have any insight here? Possibly something with splitting up the update request to go to each individual shard?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org