You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "tflobbe (via GitHub)" <gi...@apache.org> on 2023/03/31 17:58:36 UTC
[GitHub] [solr] tflobbe opened a new pull request, #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler
tflobbe opened a new pull request, #1511:
URL: https://github.com/apache/solr/pull/1511
This PR addresses `SOLR-16730` by completely skipping including the username, roles and permissions when the request is an inter-node request to `SystemInfoHandler`.
Having this part alone:
```
if (roles == null) {
info.add("permissions", Set.of());
}
```
should be enough to handle the NPE described in the Jira issue, but I think it may be better to just skip this section for internal requests, since the data displayed is unrelated to the user that issues the request.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler
Posted by "janhoy (via GitHub)" <gi...@apache.org>.
janhoy commented on PR #1511:
URL: https://github.com/apache/solr/pull/1511#issuecomment-1492398190
According to RBAP api, the `[getUserRoles()](https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPluginBase.java#L371)` call should not return null but empty set. So I think that can be fixed too, by making [this](https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java#L65) null-safe.
After coding Kotlin for a few years I really miss its not-null-by-default!
Basically, this looks like a decent solution.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] tflobbe merged pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler
Posted by "tflobbe (via GitHub)" <gi...@apache.org>.
tflobbe merged PR #1511:
URL: https://github.com/apache/solr/pull/1511
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] tflobbe commented on pull request #1511: SOLR-16730: Exclude username, roles and permissions for inter-node requests to SystemInfoHandler
Posted by "tflobbe (via GitHub)" <gi...@apache.org>.
tflobbe commented on PR #1511:
URL: https://github.com/apache/solr/pull/1511#issuecomment-1494771584
> Add a CHANGES entry
Yes, I typically avoid adding an entry until I'm ready to merge, to prevent conflicts :). Added now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org