You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ja...@apache.org on 2020/06/07 23:12:10 UTC

[lucene-solr] branch master updated: SOLR-9679: Exception when removing zk node /security.json (#1403)

This is an automated email from the ASF dual-hosted git repository.

janhoy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/master by this push:
     new f404a38  SOLR-9679: Exception when removing zk node /security.json (#1403)
f404a38 is described below

commit f404a38fa6d508b9dad78ce7d38e2a9cd6bf2ed1
Author: Jan Høydahl <ja...@users.noreply.github.com>
AuthorDate: Mon Jun 8 01:11:56 2020 +0200

    SOLR-9679: Exception when removing zk node /security.json (#1403)
---
 solr/CHANGES.txt                                   |  2 ++
 .../solr/security/BasicAuthOnSingleNodeTest.java   | 30 +++++++++++++++++-----
 .../apache/solr/common/cloud/ZkStateReader.java    | 10 ++++++--
 3 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 9a74854..e67a493 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -215,6 +215,8 @@ Bug Fixes
 
 * SOLR-14525: SolrCoreAware, ResourceLoaderAware should be honored for plugin loaded from packages (noble)
 
+* SOLR-9679: When removing zk node /security.json, security is now disabled gracefully (janhoy)
+
 * SOLR-14520: Fixed server errors from the json.facet allBuckets:true option when combined with refine:true
   (Michael Gibney, hossman)
 
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
index bcfe608..a904009 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
@@ -19,11 +19,11 @@ package org.apache.solr.security;
 
 import java.lang.invoke.MethodHandles;
 
-import org.apache.solr.client.solrj.embedded.JettySolrRunner;
 import org.apache.solr.client.solrj.impl.Http2SolrClient;
 import org.apache.solr.client.solrj.request.CollectionAdminRequest;
 import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.cloud.SolrCloudAuthTestCase;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.slf4j.Logger;
@@ -45,13 +45,13 @@ public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {
         .setBasicAuthCredentials("solr", "solr")
         .process(cluster.getSolrClient());
     cluster.waitForActiveCollection(COLLECTION, 4, 4);
+  }
 
-    JettySolrRunner jetty = cluster.getJettySolrRunner(0);
-    jetty.stop();
-    cluster.waitForJettyToStop(jetty);
-    jetty.start();
-    cluster.waitForAllNodes(30);
-    cluster.waitForActiveCollection(COLLECTION, 4, 4);
+  @Override
+  @After
+  public void tearDown() throws Exception {
+    cluster.shutdown();
+    super.tearDown();
   }
 
   @Test
@@ -68,6 +68,22 @@ public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {
     }
   }
 
+  @Test
+  public void testDeleteSecurityJsonZnode() throws Exception {
+    try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
+        .build()){
+      try {
+        new QueryRequest(params("q", "*:*")).process(client, COLLECTION);
+        fail("Should throw exception due to authentication needed");
+      } catch (Exception e) { /* Ignore */ }
+
+      // Deleting security.json will disable security - before SOLR-9679 it would instead cause an exception
+      cluster.getZkClient().delete("/security.json", -1, false);
+
+      assertNotNull(new QueryRequest(params("q", "*:*")).process(client, COLLECTION));
+    }
+  }
+
   protected static final String STD_CONF = "{\n" +
       "  \"authentication\":{\n" +
       "   \"blockUnknown\": true,\n" +
diff --git a/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java b/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
index 4065d3c..29074e8 100644
--- a/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
+++ b/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
@@ -17,6 +17,7 @@
 package org.apache.solr.common.cloud;
 
 import java.lang.invoke.MethodHandles;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -541,9 +542,14 @@ public class ZkStateReader implements SolrCloseable {
                 log.debug("Updating [{}] ... ", SOLR_SECURITY_CONF_PATH);
 
                 // remake watch
-                final Watcher thisWatch = this;
                 final Stat stat = new Stat();
-                final byte[] data = getZkClient().getData(SOLR_SECURITY_CONF_PATH, thisWatch, stat, true);
+                byte[] data = "{}".getBytes(StandardCharsets.UTF_8);
+                if (EventType.NodeDeleted.equals(event.getType())) {
+                  // Node deleted, just recreate watch without attempting a read - SOLR-9679
+                  getZkClient().exists(SOLR_SECURITY_CONF_PATH, this, true);
+                } else {
+                  data = getZkClient().getData(SOLR_SECURITY_CONF_PATH, this, stat, true);
+                }
                 try {
                   callback.call(new Pair<>(data, stat));
                 } catch (Exception e) {