You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/08/11 01:12:20 UTC
[jira] [Commented] (SOLR-9399) Delete requests do not send
credentials & fails for Basic Authentication
[ https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15416319#comment-15416319 ]
ASF GitHub Bot commented on SOLR-9399:
--------------------------------------
GitHub user susheelks opened a pull request:
https://github.com/apache/lucene-solr/pull/69
SOLR-9399: Delete requests do not send credentials & fails for Basic Authentication
This is a bug fix to set Authentication credential in case of delete requests.
There is a duplicate code between update & delete requests which most likely has caused this issue and left to set credentials in case of delete requests. I'll create a separate jira to refactor the code and also tests for authentication seems to be broken.
The test class BasicAuthIntegrationTest doesn't have any test methods except the protected method doExtraTests which doesn't seems to be called from anywhere and delete tests needs to be added.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/susheelks/lucene-solr SOLR-9399
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/lucene-solr/pull/69.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #69
----
commit 7c68a42728531775240c7b6ff2bad5a23dfdb255
Author: Kumar, Susheel (CORP) <su...@adp.com>
Date: 2016-08-11T00:57:49Z
Added call to setBasicAuthCredentials for delete request
----
> Delete requests do not send credentials & fails for Basic Authentication
> ------------------------------------------------------------------------
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrJ
> Affects Versions: 6.0, 6.0.1, 6.x
> Reporter: Susheel Kumar
> Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to LBHttpSolrClient when deleteById is set while for updates it passes the credentials. See below code snippet
> if (deleteById != null) {
>
> Iterator<Map.Entry<String,Map<String,Object>>> entries = deleteById.entrySet()
> .iterator();
> while (entries.hasNext()) {
>
> Map.Entry<String,Map<String,Object>> entry = entries.next();
>
> String deleteId = entry.getKey();
> Map<String,Object> map = entry.getValue();
> Long version = null;
> if (map != null) {
> version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
> return null;
> }
> List<String> urls = urlMap.get(slice.getName());
> if (urls == null) {
> return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
> UpdateRequest urequest = (UpdateRequest) request.getRequest();
> urequest.deleteById(deleteId, version);
> } else {
> UpdateRequest urequest = new UpdateRequest();
> urequest.setParams(params);
> urequest.deleteById(deleteId, version);
> urequest.setCommitWithin(getCommitWithin());
> request = new LBHttpSolrClient.Req(urequest, urls);
> routes.put(leaderUrl, request);
> }
> }
> }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org