You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Erick Erickson (JIRA)" <ji...@apache.org> on 2018/03/20 22:00:00 UTC
[jira] [Assigned] (SOLR-9399) Delete requests do not send
credentials & fails for Basic Authentication
[ https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erick Erickson reassigned SOLR-9399:
------------------------------------
Assignee: Erick Erickson
> Delete requests do not send credentials & fails for Basic Authentication
> ------------------------------------------------------------------------
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrJ
> Affects Versions: 6.0, 6.0.1
> Reporter: Susheel Kumar
> Assignee: Erick Erickson
> Priority: Major
> Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to LBHttpSolrClient when deleteById is set while for updates it passes the credentials. See below code snippet
> if (deleteById != null) {
>
> Iterator<Map.Entry<String,Map<String,Object>>> entries = deleteById.entrySet()
> .iterator();
> while (entries.hasNext()) {
>
> Map.Entry<String,Map<String,Object>> entry = entries.next();
>
> String deleteId = entry.getKey();
> Map<String,Object> map = entry.getValue();
> Long version = null;
> if (map != null) {
> version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
> return null;
> }
> List<String> urls = urlMap.get(slice.getName());
> if (urls == null) {
> return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
> UpdateRequest urequest = (UpdateRequest) request.getRequest();
> urequest.deleteById(deleteId, version);
> } else {
> UpdateRequest urequest = new UpdateRequest();
> urequest.setParams(params);
> urequest.deleteById(deleteId, version);
> urequest.setCommitWithin(getCommitWithin());
> request = new LBHttpSolrClient.Req(urequest, urls);
> routes.put(leaderUrl, request);
> }
> }
> }
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org