Posted to dev@lucene.apache.org by "Noble Paul (JIRA)" <ji...@apache.org> on 2018/06/01 11:43:00 UTC

[jira] [Assigned] (SOLR-12354) org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey

     [ https://issues.apache.org/jira/browse/SOLR-12354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Noble Paul reassigned SOLR-12354:
---------------------------------

    Assignee: Noble Paul

> org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-12354
>                 URL: https://issues.apache.org/jira/browse/SOLR-12354
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 6.6.2, 6.6.3
>            Reporter: hamada
>            Assignee: Noble Paul
>            Priority: Major
>
> In decipherHeader(), if keyCache does not contain the key of interest, a remote call is made to retrieve the key from the remote host by calling getRemotePublicKey, which fails if the server returns an HTML error page.
> e.g.:
> org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-'
>     at org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?]
>     at org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) ~[noggit-0.6.jar:?]
>     at org.noggit.JSONParser.next(JSONParser.java:886) ~[noggit-0.6.jar:?]
>     at org.noggit.JSONParser.nextEvent(JSONParser.java:930) ~[noggit-0.6.jar:?]
>     at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) ~[noggit-0.6.jar:?]
>     at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) ~[noggit-0.6.jar:?]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
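
Added example (not part of the issue and not Solr's code): a key fetch that checks the HTTP status and Content-Type before the body reaches a JSON parser, so an HTML error page becomes a clear I/O error instead of the ParseException quoted above. The class and method names, the /key and /down paths and the sample bodies are constructed for this illustration, and it uses only JDK 11+ classes rather than Solr's own HTTP client.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class RemoteKeyFetch {
    // Hypothetical helper: returns the body only for a 200 response declared as JSON.
    static String fetchKeyJson(HttpClient client, URI keyUrl) throws IOException, InterruptedException {
        HttpRequest req = HttpRequest.newBuilder(keyUrl).GET().build();
        HttpResponse<String> rsp = client.send(req, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));
        if (rsp.statusCode() != 200) {
            throw new IOException("public key fetch from " + keyUrl + " failed: HTTP " + rsp.statusCode());
        }
        String ctype = rsp.headers().firstValue("Content-Type").orElse("").toLowerCase(Locale.ROOT);
        if (!ctype.startsWith("application/json")) {
            throw new IOException("public key fetch from " + keyUrl + " returned non-JSON type '" + ctype + "'");
        }
        return rsp.body(); // only now is it reasonable to hand the body to the JSON parser
    }
    static void reply(HttpExchange ex, int status, String ctype, String body) throws IOException {
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        ex.getResponseHeaders().set("Content-Type", ctype);
        ex.sendResponseHeaders(status, bytes.length);
        try (OutputStream os = ex.getResponseBody()) { os.write(bytes); }
    }
    public static void main(String[] args) throws Exception {
        // Local test server with constructed responses: one healthy node, one returning an HTML error page.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/key", ex -> reply(ex, 200, "application/json", "{\"key\":\"CONSTRUCTED-SAMPLE\"}"));
        srv.createContext("/down", ex -> reply(ex, 503, "text/html", "<html> <head> <title>constructed error page</title> </head> </html>"));
        srv.start();
        String base = "http://127.0.0.1:" + srv.getAddress().getPort();
        HttpClient client = HttpClient.newHttpClient();
        try {
            System.out.println("healthy node: " + fetchKeyJson(client, URI.create(base + "/key")));
            fetchKeyJson(client, URI.create(base + "/down")); // throws before any JSON parsing
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            srv.stop(0);
        }
    }
}
```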