You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Erick Erickson (JIRA)" <ji...@apache.org> on 2018/03/20 22:00:00 UTC

[jira] [Assigned] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

     [ https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Erick Erickson reassigned SOLR-9399:
------------------------------------

    Assignee: Erick Erickson

> Delete requests do not send credentials & fails for Basic Authentication
> ------------------------------------------------------------------------
>
>                 Key: SOLR-9399
>                 URL: https://issues.apache.org/jira/browse/SOLR-9399
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: SolrJ
>    Affects Versions: 6.0, 6.0.1
>            Reporter: Susheel Kumar
>            Assignee: Erick Erickson
>            Priority: Major
>              Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to LBHttpSolrClient when deleteById is set while for updates it passes the credentials.  See below code snippet
>   if (deleteById != null) {
>       
>       Iterator<Map.Entry<String,Map<String,Object>>> entries = deleteById.entrySet()
>           .iterator();
>       while (entries.hasNext()) {
>         
>         Map.Entry<String,Map<String,Object>> entry = entries.next();
>         
>         String deleteId = entry.getKey();
>         Map<String,Object> map = entry.getValue();
>         Long version = null;
>         if (map != null) {
>           version = (Long) map.get(VER);
>         }
>         Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
>         if (slice == null) {
>           return null;
>         }
>         List<String> urls = urlMap.get(slice.getName());
>         if (urls == null) {
>           return null;
>         }
>         String leaderUrl = urls.get(0);
>         LBHttpSolrClient.Req request = routes.get(leaderUrl);
>         if (request != null) {
>           UpdateRequest urequest = (UpdateRequest) request.getRequest();
>           urequest.deleteById(deleteId, version);
>         } else {
>           UpdateRequest urequest = new UpdateRequest();
>           urequest.setParams(params);
>           urequest.deleteById(deleteId, version);
>           urequest.setCommitWithin(getCommitWithin());
>           request = new LBHttpSolrClient.Req(urequest, urls);
>           routes.put(leaderUrl, request);
>         }
>       }
>     }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org