lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From no...@apache.org
Subject [2/2] lucene-solr:branch_6x: SOLR-9692: blockUnknown property still breaks the internode communication
Date Wed, 26 Oct 2016 08:45:06 GMT
SOLR-9692: blockUnknown property still breaks the internode communication


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/8f3f1f3e
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/8f3f1f3e
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/8f3f1f3e

Branch: refs/heads/branch_6x
Commit: 8f3f1f3ebb946eccd1ef1e102d1e3b1db02f031a
Parents: ecb3ea2
Author: Noble Paul <noble@apache.org>
Authored: Wed Oct 26 14:08:29 2016 +0530
Committer: Noble Paul <noble@apache.org>
Committed: Wed Oct 26 14:08:29 2016 +0530

----------------------------------------------------------------------
 .../apache/solr/servlet/SolrDispatchFilter.java    | 17 +++++++++--------
 .../solr/security/BasicAuthIntegrationTest.java    | 17 +++++++++++++----
 2 files changed, 22 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/8f3f1f3e/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
index eabd29d..5a4cfb6 100644
--- a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
@@ -348,22 +348,23 @@ public class SolrDispatchFilter extends BaseSolrFilter {
     if (authenticationPlugin == null) {
       return true;
     } else {
-      if( PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())
) return true;
-      //special case when solr is securing inter-node requests
+      // /admin/info/key must be always open. see SOLR-9188
+      // tests work only w/ getPathInfo
+      //otherwise it's just enough to have getServletPath()
+      if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getServletPath())
||
+          PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo()))
return true;
       String header = ((HttpServletRequest) request).getHeader(PKIAuthenticationPlugin.HEADER);
       if (header != null && cores.getPkiAuthenticationPlugin() != null)
         authenticationPlugin = cores.getPkiAuthenticationPlugin();
       try {
         log.debug("Request to authenticate: {}, domain: {}, port: {}", request, request.getLocalName(),
request.getLocalPort());
         // upon successful authentication, this should call the chain's next filter.
-        requestContinues = authenticationPlugin.doAuthenticate(request, response, new FilterChain()
{
-          public void doFilter(ServletRequest req, ServletResponse rsp) throws IOException,
ServletException {
-            isAuthenticated.set(true);
-            wrappedRequest.set(req);
-          }
+        requestContinues = authenticationPlugin.doAuthenticate(request, response, (req, rsp)
-> {
+          isAuthenticated.set(true);
+          wrappedRequest.set(req);
         });
       } catch (Exception e) {
-        e.printStackTrace();
+        log.info("Error authenticating", e);
         throw new SolrException(ErrorCode.SERVER_ERROR, "Error during request authentication,
", e);
       }
     }

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/8f3f1f3e/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index a48671e..137fcdd 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -191,6 +191,9 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
 
 
       executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}",
"harry", "HarryIsUberCool");
+      verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true",
20, "harry", "HarryIsUberCool");
+      verifySecurityStatus(cl, baseUrl + "/admin/info/key?wt=json", "key", NOT_NULL_PREDICATE,
20);
+
       String[] toolArgs = new String[]{
           "status", "-solr", baseUrl};
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -216,7 +219,8 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
     }
   }
 
-  public static void executeCommand(String url, HttpClient cl, String payload, String user,
String pwd) throws IOException {
+  public static void executeCommand(String url, HttpClient cl, String payload, String user,
String pwd)
+      throws IOException {
     HttpPost httpPost;
     HttpResponse r;
     httpPost = new HttpPost(url);
@@ -245,7 +249,12 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
       if (user != null) setBasicAuthHeader(get, user, pwd);
       HttpResponse rsp = cl.execute(get);
       s = EntityUtils.toString(rsp.getEntity());
-      Map m = (Map) Utils.fromJSONString(s);
+      Map m = null;
+      try {
+        m = (Map) Utils.fromJSONString(s);
+      } catch (Exception e) {
+        fail("Invalid json " + s);
+      }
       Utils.consumeFully(rsp.getEntity());
       Object actual = Utils.getObjectByPath(m, true, hierarchy);
       if (expected instanceof Predicate) {
@@ -283,11 +292,11 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
     return l.isEmpty() ? null : l.get(0);
   }
 
-  static final Predicate NOT_NULL_PREDICATE = o -> o != null;
+  protected static final Predicate NOT_NULL_PREDICATE = o -> o != null;
 
   //the password is 'SolrRocks'
   //this could be generated everytime. But , then we will not know if there is any regression
-  private static final String STD_CONF = "{\n" +
+  protected static final String STD_CONF = "{\n" +
       "  'authentication':{\n" +
       "    'class':'solr.BasicAuthPlugin',\n" +
       "    'credentials':{'solr':'orwp2Ghgj39lmnrZOTm7Qtre1VqHFDfwAEzr0ApbN3Y= Ju5osoAqOX8iafhWpPP01E5P+sg8tK8tHON7rCYZRRw='}},\n"
+


Mime
View raw message