Posted to issues@lucene.apache.org by GitBox <gi...@apache.org> on 2021/02/26 00:34:08 UTC

[GitHub] [lucene-solr] janhoy commented on a change in pull request #2430: SOLR-15194: relax requirements and allow http urls.

janhoy commented on a change in pull request #2430:
URL: https://github.com/apache/lucene-solr/pull/2430#discussion_r583296977



##########
File path: solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
##########
@@ -68,6 +68,11 @@
   private WellKnownDiscoveryConfig wellKnownDiscoveryConfig;
   private String clientId;
   private String authorizationEndpoint;
+  
+  public static boolean ALLOW_OUTBOUND_HTTP = Boolean.parseBoolean(System.getProperty("solr.auth.jwt.allowOutboundHttp", "false"));
+  public static final String ALLOW_OUTBOUND_HTTP_ERR_MSG = "Outbound non SSL protected JWT authentication urls are not enabled, start your nodes with -Dsolr.auth.jwt.allowOutboundHttp=true.";
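
Review bot: `ALLOW_OUTBOUND_HTTP` in the first added declaration is `public static` but not `final`, so any code in the JVM can flip this security switch after startup and the value no longer reflects how the node was started. Suggest `public static final boolean`, or a private field behind an accessor if tests need to override it.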

Review comment:
       Hard to read sentence - double negation. What about
   >HTTPS required for IDP communication. Please use SSL or start your nodes with -Dsolr.auth.jwt.allowOutboundHttp=true to allow HTTP for test purposes.

##########
File path: solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
##########
@@ -68,6 +68,11 @@
   private WellKnownDiscoveryConfig wellKnownDiscoveryConfig;
   private String clientId;
   private String authorizationEndpoint;
+  
+  public static boolean ALLOW_OUTBOUND_HTTP = Boolean.parseBoolean(System.getProperty("solr.auth.jwt.allowOutboundHttp", "false"));
+  public static final String ALLOW_OUTBOUND_HTTP_ERR_MSG = "Outbound non SSL protected JWT authentication urls are not enabled, start your nodes with -Dsolr.auth.jwt.allowOutboundHttp=true.";
+
+
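
Review bot: the property name `solr.auth.jwt.allowOutboundHttp` is written out twice in the added lines, once in the `System.getProperty` call and once inside `ALLOW_OUTBOUND_HTTP_ERR_MSG`, so a later rename can leave the error message pointing users at a flag that no longer has any effect. Suggest one `String` constant for the property name, used in both places.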

Review comment:
       Unnecessary spaces

##########
File path: solr/solr-ref-guide/src/jwt-authentication-plugin.adoc
##########
@@ -161,6 +161,10 @@ Let's comment on this config:
 <12> Configure the audience claim. A token's 'aud' claim must match 'aud' for one of the configured issuers.
 <13> This issuer is auto configured through discovery, so 'iss' and JWK settings are not required
 
+=== Using non SSL URLs
+In Production you should always use SSL protected HTTPS connections since Solr is making an outbound connection,
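
Review bot: in the added sentence under `=== Using non SSL URLs`, "since Solr is making an outbound connection" names the direction of the connection rather than the risk it carries. Suggest stating what plain HTTP exposes, for example that the discovery and JWK data fetched from the issuer can be altered in transit, and writing "HTTP" in the heading instead of "non SSL".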

Review comment:
       Production -> "production environments"
   Remove "since Solr is making an outbound connection"?
