lucene-dev mailing list archives

From "Mark Miller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8887) Solr Security features cannot export the internal, deprecated DefaultHttpClient class as part of their user facing API.
Date Wed, 23 Mar 2016 17:13:25 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15208791#comment-15208791 ]

Mark Miller commented on SOLR-8887:
-----------------------------------

I don't even see how you deal with this in a strong back compat way but break it in 7, and
lock us into the HttpClient impl for a whole major version every time. These security classes
need very explicit access it looks :( Not something you can just abstract away.

Really, these are Java APIs and I'd say we don't promise strong back compat between minor
versions anyway though. Let's fix our security impls, doc it better, and move on. But it seems
this has also been exposed as part of a generic security plugin API, which gives me pause
again. But those plugins are new and no more special than searchhandlers or searchcomponents,
which can also break between minor releases depending on the classes you are accessing. I
think we should update all of it and fix our connection management now rather than wait till
version 7. Making an internal, deprecated class a core part of a plugin api means that plugin
api is fairly subject to change I think.

> Solr Security features cannot export the internal, deprecated DefaultHttpClient class as part of their user facing API.
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-8887
>                 URL: https://issues.apache.org/jira/browse/SOLR-8887
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Mark Miller
>            Priority: Critical
>             Fix For: master
>
>
> Seems security now really depends on HttpClientConfigurer. That class was only used for
> tests previously, and was at best completely unsupported. We can't promise an API that locks
> us into an internal, low level, class from a lib. Especially a deprecated one. Solr wants
> to own the http layer, not get locked into impls.
> We need to stop using DefaultHttpClient, and it's going to break this stuff.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
