Posted to commits@lucene.apache.org by no...@apache.org on 2019/01/04 04:04:17 UTC

[2/2] lucene-solr:branch_7x: SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica

SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/f18f7b22
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/f18f7b22
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/f18f7b22

Branch: refs/heads/branch_7x
Commit: f18f7b223522e8601afa340443372e6701568740
Parents: d14bf2d
Author: noble <no...@apache.org>
Authored: Fri Jan 4 15:03:58 2019 +1100
Committer: noble <no...@apache.org>
Committed: Fri Jan 4 15:03:58 2019 +1100

----------------------------------------------------------------------
 solr/CHANGES.txt                                |  3 +++
 .../solr/security/BasicAuthIntegrationTest.java | 21 ++++++++++++++++++++
 2 files changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index c20a291..188b52c 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -72,6 +72,9 @@ Bug Fixes
   scheduled triggers not be used for very frequent operations to avoid this problem.
   (ab, shalin)
 
+* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble)
+
+
 * SOLR-11853: Solr installer fails on SuSE linux (Markus Mandalka via janhoy)
 
 * SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script (janhoy, Joel Bernstein)

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 24a813f..214c417 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -42,6 +42,7 @@ import org.apache.http.entity.ByteArrayEntity;
 import org.apache.http.message.AbstractHttpMessage;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.EntityUtils;
+import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrRequest;
 import org.apache.solr.client.solrj.embedded.JettySolrRunner;
 import org.apache.solr.client.solrj.impl.HttpClientUtil;
@@ -225,6 +226,26 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
       update.setCommitWithin(100);
       cluster.getSolrClient().request(update, COLLECTION);
 
+      //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
+      //Make a request to that jetty and it should fail
+      JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
+      SolrClient aNewClient = aNewJetty.newClient();
+      try {
+        UpdateRequest delQuery = null;
+        delQuery = new UpdateRequest().deleteByQuery("*:*");
+        delQuery.setBasicAuthCredentials("harry","HarryIsUberCool");
+        delQuery.process(aNewClient, COLLECTION);//this should succeed
+
+        delQuery = new UpdateRequest().deleteByQuery("*:*");
+        delQuery.process(aNewClient, COLLECTION);
+        fail("This should not have succeeded without credentials");
+      } catch (HttpSolrClient.RemoteSolrException e) {
+        assertTrue(e.getMessage().contains("Unauthorized request"));
+      } finally {
+        aNewClient.close();
+        cluster.stopJettySolrRunner(aNewJetty);
+      }
+
 
       executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
       verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");
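Review bot: The credentialed `delQuery.process(aNewClient, COLLECTION)` sits inside the same `try` whose `catch` accepts any `RemoteSolrException` containing "Unauthorized request", so if harry's authenticated request were rejected on the replica-less node the catch would be satisfied and the test would pass without the unauthenticated request ever being sent. Keep the positive case outside the expected-failure scope and wrap only the credential-less call, for instance with `expectThrows`; the fence shows that shape, with try-with-resources so a failing `close()` cannot skip `stopJettySolrRunner`. The message match also does not pin the HTTP status, so asserting `e.code()` alongside it would tell the rejection kinds apart, though the expected value should be confirmed against the plugin. The enclosing test method starts and ends outside this hunk, so this assumes it already declares the checked exceptions thrown by `process`.

```java
      JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
      try (SolrClient aNewClient = aNewJetty.newClient()) {
        // Authenticated request via a node that hosts no replica of COLLECTION: must be allowed.
        // Any exception here propagates and fails the test instead of being mistaken for the expected rejection.
        UpdateRequest authedDelete = new UpdateRequest().deleteByQuery("*:*");
        authedDelete.setBasicAuthCredentials("harry", "HarryIsUberCool");
        authedDelete.process(aNewClient, COLLECTION);

        // Same request without credentials: authorization must still be enforced on this node.
        HttpSolrClient.RemoteSolrException e = expectThrows(HttpSolrClient.RemoteSolrException.class,
            () -> new UpdateRequest().deleteByQuery("*:*").process(aNewClient, COLLECTION));
        assertTrue(e.getMessage(), e.getMessage().contains("Unauthorized request"));
      } finally {
        cluster.stopJettySolrRunner(aNewJetty);
      }
```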