You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2016/08/27 19:08:16 UTC
lucene-solr:master: SOLR-9188: blockUnknown property makes inter-node
communication impossible
Repository: lucene-solr
Updated Branches:
refs/heads/master e99d97067 -> 44c30f053
SOLR-9188: blockUnknown property makes inter-node communication impossible
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/44c30f05
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/44c30f05
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/44c30f05
Branch: refs/heads/master
Commit: 44c30f0535ceed5f2ad08aa8a9f974d4973774e0
Parents: e99d970
Author: Noble Paul <no...@gmail.com>
Authored: Sun Aug 28 00:36:18 2016 +0530
Committer: Noble Paul <no...@gmail.com>
Committed: Sun Aug 28 00:36:18 2016 +0530
----------------------------------------------------------------------
solr/CHANGES.txt | 2 ++
.../apache/solr/security/BasicAuthPlugin.java | 3 ++-
.../apache/solr/servlet/SolrDispatchFilter.java | 3 ++-
.../solr/security/BasicAuthIntegrationTest.java | 28 ++++++++++++++++----
4 files changed, 29 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/44c30f05/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 824cdae..a4f918c 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -87,6 +87,8 @@ Bug Fixes
to be consistent with other places in Solr. Language names still work for backwards
compatibility. (Uwe Schindler, Boris Steiner)
+* SOLR-9188: blockUnknown property makes inter-node communication impossible (noble)
+
Optimizations
----------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/44c30f05/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
index e3f53a2..9dc34e7 100644
--- a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
@@ -71,6 +71,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
for (Map.Entry<String, Object> e : command.getDataMap().entrySet()) {
if (PROPS.contains(e.getKey())) {
latestConf.put(e.getKey(), e.getValue());
+ return latestConf;
} else {
command.addError("Unknown property " + e.getKey());
}
@@ -140,7 +141,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
}
} else {
if (blockUnknown) {
- authenticationFailure(response, "require authentication");
+ authenticationFailure(response, "require authentication for pathinfo :"+ request.getPathInfo());
} else {
request.setAttribute(AuthenticationPlugin.class.getName(), zkAuthentication.getPromptHeaders());
filterChain.doFilter(request, response);
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/44c30f05/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
index 4a680e5..8c792e9 100644
--- a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
@@ -299,7 +299,8 @@ public class SolrDispatchFilter extends BaseSolrFilter {
boolean requestContinues = false;
final AtomicBoolean isAuthenticated = new AtomicBoolean(false);
AuthenticationPlugin authenticationPlugin = cores.getAuthenticationPlugin();
- if (authenticationPlugin == null) {
+ if (authenticationPlugin == null ||
+ PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest)request).getPathInfo())) {
return true;
} else {
//special case when solr is securing inter-node requests
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/44c30f05/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 8a5483a..6070cf6 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -193,7 +193,10 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
cloudSolrClient.request(update);
- executeCommand(baseUrl + authzPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
+ executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");
+ verifySecurityStatus(cl, baseUrl + PKIAuthenticationPlugin.PATH + "?wt=json", "key", NOT_NULL_PREDICATE, 20);
+
String[] toolArgs = new String[]{
"status", "-solr", baseUrl};
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -211,7 +214,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
log.error("RunExampleTool failed due to: " + e +
"; stdout from tool prior to failure: " + baos.toString(StandardCharsets.UTF_8.name()));
}
- executeCommand(baseUrl + authzPrefix, cl, "{set-property : { blockUnknown: false}}", "harry", "HarryIsUberCool");
+ executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: false}}", "harry", "HarryIsUberCool");
} finally {
if (cl != null) {
HttpClientUtil.close(cl);
@@ -219,7 +222,8 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
}
}
- public static void executeCommand(String url, HttpClient cl, String payload, String user, String pwd) throws IOException {
+ public static void executeCommand(String url, HttpClient cl, String payload, String user, String pwd)
+ throws IOException {
HttpPost httpPost;
HttpResponse r;
httpPost = new HttpPost(url);
@@ -231,15 +235,29 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
Utils.consumeFully(r.getEntity());
}
- public static void verifySecurityStatus(HttpClient cl, String url, String objPath, Object expected, int count) throws Exception {
+ public static void verifySecurityStatus(HttpClient cl, String url, String objPath,
+ Object expected, int count) throws Exception {
+ verifySecurityStatus(cl, url, objPath, expected, count, null, null);
+ }
+
+
+ public static void verifySecurityStatus(HttpClient cl, String url, String objPath,
+ Object expected, int count, String user, String pwd)
+ throws Exception {
boolean success = false;
String s = null;
List<String> hierarchy = StrUtils.splitSmart(objPath, '/');
for (int i = 0; i < count; i++) {
HttpGet get = new HttpGet(url);
+ if (user != null) setBasicAuthHeader(get, user, pwd);
HttpResponse rsp = cl.execute(get);
s = EntityUtils.toString(rsp.getEntity());
- Map m = (Map) Utils.fromJSONString(s);
+ Map m = null;
+ try {
+ m = (Map) Utils.fromJSONString(s);
+ } catch (Exception e) {
+ fail("Invalid json " + s);
+ }
Utils.consumeFully(rsp.getEntity());
Object actual = Utils.getObjectByPath(m, true, hierarchy);
if (expected instanceof Predicate) {