lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jan...@apache.org
Subject lucene-solr:master: SOLR-9481: Clearing existing global interceptors on HttpClientUtil to avoid user/pass leaks from other tests
Date Tue, 01 Nov 2016 14:38:32 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/master 22aa34e01 -> 4383bec84


SOLR-9481: Clearing existing global interceptors on HttpClientUtil to avoid user/pass leaks
from other tests


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/4383bec8
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/4383bec8
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/4383bec8

Branch: refs/heads/master
Commit: 4383bec84c38464c60e63880ad0ba37128d261a3
Parents: 22aa34e
Author: Jan Høydahl <janhoy@apache.org>
Authored: Tue Nov 1 15:38:21 2016 +0100
Committer: Jan Høydahl <janhoy@apache.org>
Committed: Tue Nov 1 15:38:21 2016 +0100

----------------------------------------------------------------------
 solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java  | 1 +
 .../test/org/apache/solr/security/BasicAuthStandaloneTest.java    | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/4383bec8/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
index 29a887b..5c0717b 100644
--- a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
@@ -119,6 +119,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
               final String username = credentials.substring(0, p).trim();
               String pwd = credentials.substring(p + 1).trim();
               if (!authenticate(username, pwd)) {
+                log.debug("Bad auth credentials supplied in Authorization header");
                 authenticationFailure(response, "Bad credentials");
               } else {
                 HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request)
{

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/4383bec8/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
index e5fec06..7d6c436 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
@@ -73,6 +73,7 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
     instance.setUp();
     jetty = createJetty(instance);
     securityConfHandler = new SecurityConfHandlerLocalForTesting(jetty.getCoreContainer());
+    HttpClientUtil.clearRequestInterceptors(); // Clear out any old Authorization headers
   }
 
   @Override
@@ -101,8 +102,6 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
       securityConfHandler.persistConf(new SecurityConfHandler.SecurityConfig()
           .setData(Utils.fromJSONString(STD_CONF.replaceAll("'", "\""))));
       securityConfHandler.securityConfEdited();
-      log.debug("Newly written security.json is " + securityConfHandler.getSecurityConfig(false)
+
-        " and baseUrl is " + baseUrl);
       verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/class", "solr.BasicAuthPlugin",
20);
 
       String command = "{\n" +


Mime
View raw message