You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ja...@apache.org on 2020/06/07 23:24:25 UTC
[lucene-solr] branch branch_8x updated: SOLR-9679: Exception when
removing zk node /security.json (#1403)
This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 0ff0c45 SOLR-9679: Exception when removing zk node /security.json (#1403)
0ff0c45 is described below
commit 0ff0c45b981cd723d046420d80753d975b9b1965
Author: Jan Høydahl <ja...@users.noreply.github.com>
AuthorDate: Mon Jun 8 01:11:56 2020 +0200
SOLR-9679: Exception when removing zk node /security.json (#1403)
(cherry picked from commit f404a38fa6d508b9dad78ce7d38e2a9cd6bf2ed1)
---
solr/CHANGES.txt | 2 ++
.../solr/security/BasicAuthOnSingleNodeTest.java | 30 +++++++++++++++++-----
.../apache/solr/common/cloud/ZkStateReader.java | 10 ++++++--
3 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 1c8a806..6a71f07 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -145,6 +145,8 @@ Bug Fixes
* SOLR-14525: SolrCoreAware, ResourceLoaderAware should be honored for plugin loaded from packages (noble)
+* SOLR-9679: When removing zk node /security.json, security is now disabled gracefully (janhoy)
+
* SOLR-14520: Fixed server errors from the json.facet allBuckets:true option when combined with refine:true
(Michael Gibney, hossman)
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
index bcfe608..a904009 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
@@ -19,11 +19,11 @@ package org.apache.solr.security;
import java.lang.invoke.MethodHandles;
-import org.apache.solr.client.solrj.embedded.JettySolrRunner;
import org.apache.solr.client.solrj.impl.Http2SolrClient;
import org.apache.solr.client.solrj.request.CollectionAdminRequest;
import org.apache.solr.client.solrj.request.QueryRequest;
import org.apache.solr.cloud.SolrCloudAuthTestCase;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
@@ -45,13 +45,13 @@ public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {
.setBasicAuthCredentials("solr", "solr")
.process(cluster.getSolrClient());
cluster.waitForActiveCollection(COLLECTION, 4, 4);
+ }
- JettySolrRunner jetty = cluster.getJettySolrRunner(0);
- jetty.stop();
- cluster.waitForJettyToStop(jetty);
- jetty.start();
- cluster.waitForAllNodes(30);
- cluster.waitForActiveCollection(COLLECTION, 4, 4);
+ @Override
+ @After
+ public void tearDown() throws Exception {
+ cluster.shutdown();
+ super.tearDown();
}
@Test
@@ -68,6 +68,22 @@ public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {
}
}
+ @Test
+ public void testDeleteSecurityJsonZnode() throws Exception {
+ try (Http2SolrClient client = new Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
+ .build()){
+ try {
+ new QueryRequest(params("q", "*:*")).process(client, COLLECTION);
+ fail("Should throw exception due to authentication needed");
+ } catch (Exception e) { /* Ignore */ }
+
+ // Deleting security.json will disable security - before SOLR-9679 it would instead cause an exception
+ cluster.getZkClient().delete("/security.json", -1, false);
+
+ assertNotNull(new QueryRequest(params("q", "*:*")).process(client, COLLECTION));
+ }
+ }
+
protected static final String STD_CONF = "{\n" +
" \"authentication\":{\n" +
" \"blockUnknown\": true,\n" +
diff --git a/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java b/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
index 7da9ccf..8ec259e 100644
--- a/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
+++ b/solr/solrj/src/java/org/apache/solr/common/cloud/ZkStateReader.java
@@ -17,6 +17,7 @@
package org.apache.solr.common.cloud;
import java.lang.invoke.MethodHandles;
+import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -543,9 +544,14 @@ public class ZkStateReader implements SolrCloseable {
log.debug("Updating [{}] ... ", SOLR_SECURITY_CONF_PATH);
// remake watch
- final Watcher thisWatch = this;
final Stat stat = new Stat();
- final byte[] data = getZkClient().getData(SOLR_SECURITY_CONF_PATH, thisWatch, stat, true);
+ byte[] data = "{}".getBytes(StandardCharsets.UTF_8);
+ if (EventType.NodeDeleted.equals(event.getType())) {
+ // Node deleted, just recreate watch without attempting a read - SOLR-9679
+ getZkClient().exists(SOLR_SECURITY_CONF_PATH, this, true);
+ } else {
+ data = getZkClient().getData(SOLR_SECURITY_CONF_PATH, this, stat, true);
+ }
try {
callback.call(new Pair<>(data, stat));
} catch (Exception e) {