lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From no...@apache.org
Subject svn commit: r1717493 - in /lucene/dev/trunk/solr: CHANGES.txt core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java core/src/java/org/apache/solr/servlet/HttpSolrCall.java core/src/java/org/apache/solr/update/DefaultSolrCoreState.java
Date Tue, 01 Dec 2015 18:29:47 GMT
Author: noble
Date: Tue Dec  1 18:29:47 2015
New Revision: 1717493

URL: http://svn.apache.org/viewvc?rev=1717493&view=rev
Log:
SOLR-8355: update permissions were failing node recovery

Modified:
    lucene/dev/trunk/solr/CHANGES.txt
    lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
    lucene/dev/trunk/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
    lucene/dev/trunk/solr/core/src/java/org/apache/solr/update/DefaultSolrCoreState.java

Modified: lucene/dev/trunk/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/CHANGES.txt?rev=1717493&r1=1717492&r2=1717493&view=diff
==============================================================================
--- lucene/dev/trunk/solr/CHANGES.txt (original)
+++ lucene/dev/trunk/solr/CHANGES.txt Tue Dec  1 18:29:47 2015
@@ -480,6 +480,9 @@ Bug Fixes
 * SOLR-8340: Fixed NullPointerException in HighlightComponent.
   (zengjie via Christine Poerschke)
 
+* SOLR-8355: update permissions were failing node recovery (noble , Anshum Gupta)
+
+
 Optimizations
 ----------------------
 

Modified: lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java?rev=1717493&r1=1717492&r2=1717493&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
(original)
+++ lucene/dev/trunk/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
Tue Dec  1 18:29:47 2015
@@ -142,6 +142,7 @@ public class RuleBasedAuthorizationPlugi
         return MatchStatus.PERMITTED;
       }
       if (principal == null) {
+        log.info("request has come without principal. failed permission {} ",permission);
         //this resource needs a principal but the request has come without
         //any credential.
         return MatchStatus.USER_REQUIRED;
@@ -151,8 +152,10 @@ public class RuleBasedAuthorizationPlugi
         Set<String> userRoles = usersVsRoles.get(principal.getName());
         if (userRoles != null && userRoles.contains(role)) return MatchStatus.PERMITTED;
       }
+      log.info("This resource is configured to have a permission {}, The principal {} does
not have the right role ", permission, principal);
       return MatchStatus.FORBIDDEN;
     }
+    log.debug("No permissions configured for the resource {} . So allowed to access", context.getResource());
     return MatchStatus.NO_PERMISSIONS_FOUND;
   }
 

Modified: lucene/dev/trunk/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java?rev=1717493&r1=1717492&r2=1717493&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java (original)
+++ lucene/dev/trunk/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java Tue Dec
 1 18:29:47 2015
@@ -424,6 +424,7 @@ public class HttpSolrCall {
           log.debug("USER_REQUIRED "+req.getHeader("Authorization")+" "+ req.getUserPrincipal());
         }
         if (!(authResponse.statusCode == HttpStatus.SC_ACCEPTED) && !(authResponse.statusCode
== HttpStatus.SC_OK)) {
+          log.info("USER_REQUIRED auth header {} context : {} ", req.getHeader("Authorization"),
context);
           sendError(authResponse.statusCode,
               "Unauthorized request, Response code: " + authResponse.statusCode);
           return RETURN;
@@ -489,8 +490,10 @@ public class HttpSolrCall {
   private boolean shouldAuthorize() {
     if(PKIAuthenticationPlugin.PATH.equals(path)) return false;
     //admin/info/key is the path where public key is exposed . it is always unsecured
-    if( cores.getPkiAuthenticationPlugin() != null && req.getUserPrincipal() != null){
-      return cores.getPkiAuthenticationPlugin().needsAuthorization(req);
+    if (cores.getPkiAuthenticationPlugin() != null && req.getUserPrincipal() != null)
{
+      boolean b = cores.getPkiAuthenticationPlugin().needsAuthorization(req);
+      log.debug("PkiAuthenticationPlugin says authorization required : {} ", b);
+      return b;
     }
     return true;
   }
@@ -997,6 +1000,7 @@ public class HttpSolrCall {
           response.delete(response.length() - 1, response.length());
         
         response.append("], Path: [").append(resource).append("]");
+        response.append(" path : ").append(path).append(" params :").append(solrReq.getParams());
         return response.toString();
       }
 

Modified: lucene/dev/trunk/solr/core/src/java/org/apache/solr/update/DefaultSolrCoreState.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/solr/core/src/java/org/apache/solr/update/DefaultSolrCoreState.java?rev=1717493&r1=1717492&r2=1717493&view=diff
==============================================================================
--- lucene/dev/trunk/solr/core/src/java/org/apache/solr/update/DefaultSolrCoreState.java (original)
+++ lucene/dev/trunk/solr/core/src/java/org/apache/solr/update/DefaultSolrCoreState.java Tue
Dec  1 18:29:47 2015
@@ -18,14 +18,16 @@ package org.apache.solr.update;
  */
 
 import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 import org.apache.lucene.index.IndexWriter;
-import org.apache.solr.cloud.RecoveryStrategy;
 import org.apache.solr.cloud.ActionThrottle;
+import org.apache.solr.cloud.RecoveryStrategy;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.core.CoreContainer;
@@ -57,6 +59,7 @@ public final class DefaultSolrCoreState
 
   private volatile boolean recoveryRunning;
   private RecoveryStrategy recoveryStrat;
+  private Future future;
   private volatile boolean lastReplicationSuccess = true;
 
   // will we attempt recovery as if we just started up (i.e. use starting versions rather
than recent versions for peersync
@@ -281,7 +284,7 @@ public final class DefaultSolrCoreState
         
         recoveryStrat = new RecoveryStrategy(cc, cd, this);
         recoveryStrat.setRecoveringAfterStartup(recoveringAfterStartup);
-        recoveryStrat.start();
+        future = cc.getUpdateShardHandler().getUpdateExecutor().submit(recoveryStrat);
         recoveryRunning = true;
       }
     } finally {
@@ -296,10 +299,12 @@ public final class DefaultSolrCoreState
         recoveryStrat.close();
         while (true) {
           try {
-            recoveryStrat.join();
+            future.get();
           } catch (InterruptedException e) {
             // not interruptible - keep waiting
             continue;
+          } catch (ExecutionException e) {
+            break;
           }
           break;
         }



Mime
View raw message