You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "tflobbe (via GitHub)" <gi...@apache.org> on 2023/03/31 17:58:36 UTC

[GitHub] [solr] tflobbe opened a new pull request, #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler

tflobbe opened a new pull request, #1511:
URL: https://github.com/apache/solr/pull/1511

   This PR addresses `SOLR-16730` by completely skipping including the username, roles and permissions when the request is an inter-node request to `SystemInfoHandler`. 
   Having this part alone:
   ```
   if (roles == null) {
        info.add("permissions", Set.of());
   }
   ```
   should be enough to handle the NPE described in the Jira issue, but I think it may be better to just skip this section for internal requests, since the data displayed is unrelated to the user that issues the request.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler

Posted by "janhoy (via GitHub)" <gi...@apache.org>.

janhoy commented on PR #1511:
URL: https://github.com/apache/solr/pull/1511#issuecomment-1492398190

   According to RBAP api, the `[getUserRoles()](https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPluginBase.java#L371)` call should not return null but empty set. So I think that can be fixed too, by making [this](https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java#L65) null-safe.
   
   After coding Kotlin for a few years I really miss its not-null-by-default!
   
   Basically, this looks like a decent solution.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] tflobbe merged pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler

Posted by "tflobbe (via GitHub)" <gi...@apache.org>.

tflobbe merged PR #1511:
URL: https://github.com/apache/solr/pull/1511


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] tflobbe commented on pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler

Posted by "tflobbe (via GitHub)" <gi...@apache.org>.

tflobbe commented on PR #1511:
URL: https://github.com/apache/solr/pull/1511#issuecomment-1494771584

   > Add a CHANGES entry
   
   Yes, I typically avoid adding an entry until I'm ready to merge, to prevent conflicts :). Added now.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org