Authentication REST API returns 200 for invalid edit command

[Jan Høydahl <ja...@cominvent.com>]

Hi

I notice that the /solr/admin/authentication endpoint always returns HTTP 200 and solr-status=0 (success), even when the user input is wrong and there's an error. Example:


curl -i --user solr:rocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d  '{"set-property": {"foo":false}}'
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Content-Length: 162

{
  "responseHeader":{
    "status":0,
    "QTime":1},
  "errorMessages":[{
      "set-property":{"foo":false},
      "errorMessages":["Unknown property foo"]}]}


I saw this when working with BasicAuthIntegrationTest, that uses an "executeCommand()" test method which POSTs a command to a Solr REST endpoint and asserts a 200 response. This command can now fail and the test still passes.

In principle I believe in returning the correct HTTP responses, so in the case above it would be better to return HTTP 400 for wrong input (such as unknown property or command). If we can find a way to combine the "errorMessages" JSON with setting a different HTTP code and Solr responseHeader status code, that would be the preferred way, and clients relying on parsing the JSON can continue doing that, and other clients can simply check for a 200 response instead of the absence of a particular JSON key.


--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org