lucene-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From no...@apache.org
Subject [2/2] lucene-solr:branch_7x: SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica
Date Fri, 04 Jan 2019 04:04:17 GMT
SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have
collection replica


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/f18f7b22
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/f18f7b22
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/f18f7b22

Branch: refs/heads/branch_7x
Commit: f18f7b223522e8601afa340443372e6701568740
Parents: d14bf2d
Author: noble <noble@apache.org>
Authored: Fri Jan 4 15:03:58 2019 +1100
Committer: noble <noble@apache.org>
Committed: Fri Jan 4 15:03:58 2019 +1100

----------------------------------------------------------------------
 solr/CHANGES.txt                                |  3 +++
 .../solr/security/BasicAuthIntegrationTest.java | 21 ++++++++++++++++++++
 2 files changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index c20a291..188b52c 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -72,6 +72,9 @@ Bug Fixes
   scheduled triggers not be used for very frequent operations to avoid this problem.
   (ab, shalin)
 
+* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not
have collection replica (noble)
+
+
 * SOLR-11853: Solr installer fails on SuSE linux (Markus Mandalka via janhoy)
 
 * SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script (janhoy,
Joel Bernstein)

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index 24a813f..214c417 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -42,6 +42,7 @@ import org.apache.http.entity.ByteArrayEntity;
 import org.apache.http.message.AbstractHttpMessage;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.EntityUtils;
+import org.apache.solr.client.solrj.SolrClient;
 import org.apache.solr.client.solrj.SolrRequest;
 import org.apache.solr.client.solrj.embedded.JettySolrRunner;
 import org.apache.solr.client.solrj.impl.HttpClientUtil;
@@ -225,6 +226,26 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {
       update.setCommitWithin(100);
       cluster.getSolrClient().request(update, COLLECTION);
 
+      //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
+      //Make a request to that jetty and it should fail
+      JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
+      SolrClient aNewClient = aNewJetty.newClient();
+      try {
+        UpdateRequest delQuery = null;
+        delQuery = new UpdateRequest().deleteByQuery("*:*");
+        delQuery.setBasicAuthCredentials("harry","HarryIsUberCool");
+        delQuery.process(aNewClient, COLLECTION);//this should succeed
+
+        delQuery = new UpdateRequest().deleteByQuery("*:*");
+        delQuery.process(aNewClient, COLLECTION);
+        fail("This should not have succeeded without credentials");
+      } catch (HttpSolrClient.RemoteSolrException e) {
+        assertTrue(e.getMessage().contains("Unauthorized request"));
+      } finally {
+        aNewClient.close();
+        cluster.stopJettySolrRunner(aNewJetty);
+      }
+
 
       executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}",
"harry", "HarryIsUberCool");
       verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true",
20, "harry", "HarryIsUberCool");


Mime
View raw message