You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by no...@apache.org on 2019/01/04 04:04:16 UTC
[1/2] lucene-solr:branch_7x: SOLR-12514: Rule-base Authorization
plugin skips authorization if querying node does not have collection replica
Repository: lucene-solr
Updated Branches:
refs/heads/branch_7x aee7acdf7 -> f18f7b223
SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/d14bf2dc
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/d14bf2dc
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/d14bf2dc
Branch: refs/heads/branch_7x
Commit: d14bf2dc1ab0fd9d27d8add9ead1a7a76f4f340f
Parents: aee7acd
Author: Noble Paul <no...@apache.org>
Authored: Wed Jan 2 19:44:03 2019 +1100
Committer: noble <no...@apache.org>
Committed: Fri Jan 4 15:03:47 2019 +1100
----------------------------------------------------------------------
solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java | 1 +
.../org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java | 1 +
2 files changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/d14bf2dc/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
index 78ca8d4..caa54f6 100644
--- a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
+++ b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
@@ -496,6 +496,7 @@ public class HttpSolrCall {
handleAdminRequest();
return RETURN;
case REMOTEQUERY:
+ SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, new SolrQueryResponse()));
remoteQuery(coreUrl + path, resp);
return RETURN;
case PROCESS:
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/d14bf2dc/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
index a82018f..9e4d229 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestSolrCloudWithSecureImpersonation.java
@@ -335,6 +335,7 @@ public class TestSolrCloudWithSecureImpersonation extends SolrTestCaseJ4 {
}
@Test
+ @AwaitsFix(bugUrl = "https://issues.apache.org/jira/browse/SOLR-13098")
public void testForwarding() throws Exception {
String collectionName = "forwardingCollection";
miniCluster.uploadConfigSet(TEST_PATH().resolve("collection1/conf"), "conf1");
[2/2] lucene-solr:branch_7x: SOLR-12514: Rule-base Authorization
plugin skips authorization if querying node does not have collection replica
Posted by no...@apache.org.
SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/f18f7b22
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/f18f7b22
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/f18f7b22
Branch: refs/heads/branch_7x
Commit: f18f7b223522e8601afa340443372e6701568740
Parents: d14bf2d
Author: noble <no...@apache.org>
Authored: Fri Jan 4 15:03:58 2019 +1100
Committer: noble <no...@apache.org>
Committed: Fri Jan 4 15:03:58 2019 +1100
----------------------------------------------------------------------
solr/CHANGES.txt | 3 +++
.../solr/security/BasicAuthIntegrationTest.java | 21 ++++++++++++++++++++
2 files changed, 24 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index c20a291..188b52c 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -72,6 +72,9 @@ Bug Fixes
scheduled triggers not be used for very frequent operations to avoid this problem.
(ab, shalin)
+* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble)
+
+
* SOLR-11853: Solr installer fails on SuSE linux (Markus Mandalka via janhoy)
* SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script (janhoy, Joel Bernstein)
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 24a813f..214c417 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -42,6 +42,7 @@ import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.message.AbstractHttpMessage;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
+import org.apache.solr.client.solrj.SolrClient;
import org.apache.solr.client.solrj.SolrRequest;
import org.apache.solr.client.solrj.embedded.JettySolrRunner;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
@@ -225,6 +226,26 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
update.setCommitWithin(100);
cluster.getSolrClient().request(update, COLLECTION);
+ //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
+ //Make a request to that jetty and it should fail
+ JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
+ SolrClient aNewClient = aNewJetty.newClient();
+ try {
+ UpdateRequest delQuery = null;
+ delQuery = new UpdateRequest().deleteByQuery("*:*");
+ delQuery.setBasicAuthCredentials("harry","HarryIsUberCool");
+ delQuery.process(aNewClient, COLLECTION);//this should succeed
+
+ delQuery = new UpdateRequest().deleteByQuery("*:*");
+ delQuery.process(aNewClient, COLLECTION);
+ fail("This should not have succeeded without credentials");
+ } catch (HttpSolrClient.RemoteSolrException e) {
+ assertTrue(e.getMessage().contains("Unauthorized request"));
+ } finally {
+ aNewClient.close();
+ cluster.stopJettySolrRunner(aNewJetty);
+ }
+
executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");