You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2016/10/26 08:45:06 UTC
[2/2] lucene-solr:branch_6x: SOLR-9692: blockUnknown property still
breaks the internode communication
SOLR-9692: blockUnknown property still breaks the internode communication
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/8f3f1f3e
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/8f3f1f3e
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/8f3f1f3e
Branch: refs/heads/branch_6x
Commit: 8f3f1f3ebb946eccd1ef1e102d1e3b1db02f031a
Parents: ecb3ea2
Author: Noble Paul <no...@apache.org>
Authored: Wed Oct 26 14:08:29 2016 +0530
Committer: Noble Paul <no...@apache.org>
Committed: Wed Oct 26 14:08:29 2016 +0530
----------------------------------------------------------------------
.../apache/solr/servlet/SolrDispatchFilter.java | 17 +++++++++--------
.../solr/security/BasicAuthIntegrationTest.java | 17 +++++++++++++----
2 files changed, 22 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/8f3f1f3e/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
index eabd29d..5a4cfb6 100644
--- a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
@@ -348,22 +348,23 @@ public class SolrDispatchFilter extends BaseSolrFilter {
if (authenticationPlugin == null) {
return true;
} else {
- if( PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo()) ) return true;
- //special case when solr is securing inter-node requests
+ // /admin/info/key must be always open. see SOLR-9188
+ // tests work only w/ getPathInfo
+ //otherwise it's just enough to have getServletPath()
+ if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getServletPath()) ||
+ PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())) return true;
String header = ((HttpServletRequest) request).getHeader(PKIAuthenticationPlugin.HEADER);
if (header != null && cores.getPkiAuthenticationPlugin() != null)
authenticationPlugin = cores.getPkiAuthenticationPlugin();
try {
log.debug("Request to authenticate: {}, domain: {}, port: {}", request, request.getLocalName(), request.getLocalPort());
// upon successful authentication, this should call the chain's next filter.
- requestContinues = authenticationPlugin.doAuthenticate(request, response, new FilterChain() {
- public void doFilter(ServletRequest req, ServletResponse rsp) throws IOException, ServletException {
- isAuthenticated.set(true);
- wrappedRequest.set(req);
- }
+ requestContinues = authenticationPlugin.doAuthenticate(request, response, (req, rsp) -> {
+ isAuthenticated.set(true);
+ wrappedRequest.set(req);
});
} catch (Exception e) {
- e.printStackTrace();
+ log.info("Error authenticating", e);
throw new SolrException(ErrorCode.SERVER_ERROR, "Error during request authentication, ", e);
}
}
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/8f3f1f3e/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index a48671e..137fcdd 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -191,6 +191,9 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
+ verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");
+ verifySecurityStatus(cl, baseUrl + "/admin/info/key?wt=json", "key", NOT_NULL_PREDICATE, 20);
+
String[] toolArgs = new String[]{
"status", "-solr", baseUrl};
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -216,7 +219,8 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
}
}
- public static void executeCommand(String url, HttpClient cl, String payload, String user, String pwd) throws IOException {
+ public static void executeCommand(String url, HttpClient cl, String payload, String user, String pwd)
+ throws IOException {
HttpPost httpPost;
HttpResponse r;
httpPost = new HttpPost(url);
@@ -245,7 +249,12 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
if (user != null) setBasicAuthHeader(get, user, pwd);
HttpResponse rsp = cl.execute(get);
s = EntityUtils.toString(rsp.getEntity());
- Map m = (Map) Utils.fromJSONString(s);
+ Map m = null;
+ try {
+ m = (Map) Utils.fromJSONString(s);
+ } catch (Exception e) {
+ fail("Invalid json " + s);
+ }
Utils.consumeFully(rsp.getEntity());
Object actual = Utils.getObjectByPath(m, true, hierarchy);
if (expected instanceof Predicate) {
@@ -283,11 +292,11 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
return l.isEmpty() ? null : l.get(0);
}
- static final Predicate NOT_NULL_PREDICATE = o -> o != null;
+ protected static final Predicate NOT_NULL_PREDICATE = o -> o != null;
//the password is 'SolrRocks'
//this could be generated everytime. But , then we will not know if there is any regression
- private static final String STD_CONF = "{\n" +
+ protected static final String STD_CONF = "{\n" +
" 'authentication':{\n" +
" 'class':'solr.BasicAuthPlugin',\n" +
" 'credentials':{'solr':'orwp2Ghgj39lmnrZOTm7Qtre1VqHFDfwAEzr0ApbN3Y= Ju5osoAqOX8iafhWpPP01E5P+sg8tK8tHON7rCYZRRw='}},\n" +