From commits-return-105942-archive-asf-public=cust-asf.ponee.io@lucene.apache.org Fri Jan 4 05:04:19 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id CA24E180608 for ; Fri, 4 Jan 2019 05:04:18 +0100 (CET) Received: (qmail 84538 invoked by uid 500); 4 Jan 2019 04:04:17 -0000 Mailing-List: contact commits-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list commits@lucene.apache.org Received: (qmail 84468 invoked by uid 99); 4 Jan 2019 04:04:16 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jan 2019 04:04:16 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 26F7EE1198; Fri, 4 Jan 2019 04:04:16 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: noble@apache.org To: commits@lucene.apache.org Date: Fri, 04 Jan 2019 04:04:17 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/2] lucene-solr:branch_7x: SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/f18f7b22 Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/f18f7b22 Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/f18f7b22 Branch: refs/heads/branch_7x Commit: f18f7b223522e8601afa340443372e6701568740 Parents: d14bf2d Author: noble Authored: Fri Jan 4 15:03:58 2019 +1100 Committer: noble Committed: Fri Jan 4 15:03:58 2019 +1100 ---------------------------------------------------------------------- solr/CHANGES.txt | 3 +++ .../solr/security/BasicAuthIntegrationTest.java | 21 ++++++++++++++++++++ 2 files changed, 24 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/CHANGES.txt ---------------------------------------------------------------------- diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index c20a291..188b52c 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -72,6 +72,9 @@ Bug Fixes scheduled triggers not be used for very frequent operations to avoid this problem. (ab, shalin) +* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble) + + * SOLR-11853: Solr installer fails on SuSE linux (Markus Mandalka via janhoy) * SOLR-12237: Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script (janhoy, Joel Bernstein) http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/f18f7b22/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java ---------------------------------------------------------------------- diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java index 24a813f..214c417 100644 --- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java +++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java @@ -42,6 +42,7 @@ import org.apache.http.entity.ByteArrayEntity; import org.apache.http.message.AbstractHttpMessage; import org.apache.http.message.BasicHeader; import org.apache.http.util.EntityUtils; +import org.apache.solr.client.solrj.SolrClient; import org.apache.solr.client.solrj.SolrRequest; import org.apache.solr.client.solrj.embedded.JettySolrRunner; import org.apache.solr.client.solrj.impl.HttpClientUtil; @@ -225,6 +226,26 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase { update.setCommitWithin(100); cluster.getSolrClient().request(update, COLLECTION); + //Test for SOLR-12514. Create a new jetty . This jetty does not have the collection. + //Make a request to that jetty and it should fail + JettySolrRunner aNewJetty = cluster.startJettySolrRunner(); + SolrClient aNewClient = aNewJetty.newClient(); + try { + UpdateRequest delQuery = null; + delQuery = new UpdateRequest().deleteByQuery("*:*"); + delQuery.setBasicAuthCredentials("harry","HarryIsUberCool"); + delQuery.process(aNewClient, COLLECTION);//this should succeed + + delQuery = new UpdateRequest().deleteByQuery("*:*"); + delQuery.process(aNewClient, COLLECTION); + fail("This should not have succeeded without credentials"); + } catch (HttpSolrClient.RemoteSolrException e) { + assertTrue(e.getMessage().contains("Unauthorized request")); + } finally { + aNewClient.close(); + cluster.stopJettySolrRunner(aNewJetty); + } + executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool"); verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");