You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Varun Thacker (JIRA)" <ji...@apache.org> on 2018/01/06 02:43:00 UTC
[jira] [Created] (SOLR-11827) MockAuthorizationPlugin should return
401 if no principal is specified
Varun Thacker created SOLR-11827:
------------------------------------
Summary: MockAuthorizationPlugin should return 401 if no principal is specified
Key: SOLR-11827
URL: https://issues.apache.org/jira/browse/SOLR-11827
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Varun Thacker
Let's say today if the leader sends a message to the replica and it takes more than 10s ( the default TTL timeout ) then PKIAuthenticationPlugin will not pass the principal and RuleBasedAuthorizationPlugin will notice this and throw a 401
{code:title=PKIAuthenticationPlugin.java|borderStyle=solid}
if ((receivedTime - decipher.timestamp) > MAX_VALIDITY) {
log.error("Invalid key request timestamp: {} , received timestamp: {} , TTL: {}", decipher.timestamp, receivedTime, MAX_VALIDITY);
filterChain.doFilter(request, response);
return true;
}
{code}
{code:title=RuleBasedAuthorizationPlugin.java|borderStyle=solid}
if (principal == null) {
log.info("request has come without principal. failed permission {} ",permission);
//this resource needs a principal but the request has come without
//any credential.
return MatchStatus.USER_REQUIRED;
}
{code}
I was trying to verify this with PKIAuthenticationIntegrationTest but I noticed that since this test uses MockAuthorizationPlugin where no principal is treated as a 200 the test won't fail.
So we should enhance MockAuthorizationPlugin to treat no principal as a 401 and add a test in PKIAuthenticationIntegrationTest to verify the behaviour
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org