[jira] [Updated] (SOLR-9324) Support Secure Impersonation / Proxy User for solr authentication

Varun Thacker (JIRA) Fri, 05 Aug 2016 00:01:06 -0700

     [ 
https://issues.apache.org/jira/browse/SOLR-9324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Varun Thacker updated SOLR-9324:
--------------------------------
    Attachment: build-6025.log

I noticed a build failure which might be related to this Jira

{code}
   [junit4] ERROR   0.00s J0 | TestSolrCloudWithSecureImpersonation (suite) <<<
   [junit4]    > Throwable #1: 
com.google.common.util.concurrent.UncheckedExecutionException: 
java.lang.NullPointerException
   [junit4]    >        at 
__randomizedtesting.SeedInfo.seed([8FC0C721DAFEABEC]:0)
   [junit4]    >        at 
com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2263)
   [junit4]    >        at 
com.google.common.cache.LocalCache.get(LocalCache.java:4000)
   [junit4]    >        at 
com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4004)
   [junit4]    >        at 
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4874)
   [junit4]    >        at 
org.apache.hadoop.security.Groups.getGroups(Groups.java:182)
   [junit4]    >        at 
org.apache.solr.cloud.TestSolrCloudWithSecureImpersonation.getUsersFirstGroup(TestSolrCloudWithSecureImpersonation.java:60)
   [junit4]    >        at 
org.apache.solr.cloud.TestSolrCloudWithSecureImpersonation.getImpersonatorSettings(TestSolrCloudWithSecureImpersonation.java:74)
   [junit4]    >        at 
org.apache.solr.cloud.TestSolrCloudWithSecureImpersonation.startup(TestSolrCloudWithSecureImpersonation.java:87)
   [junit4]    >        at java.lang.Thread.run(Thread.java:745)
   [junit4]    > Caused by: java.lang.NullPointerException
   [junit4]    >        at 
java.lang.ProcessBuilder.start(ProcessBuilder.java:1012)
   [junit4]    >        at 
org.apache.hadoop.util.Shell.runCommand(Shell.java:483)
   [junit4]    >        at org.apache.hadoop.util.Shell.run(Shell.java:456)
   [junit4]    >        at 
org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:722)
   [junit4]    >        at 
org.apache.hadoop.util.Shell.execCommand(Shell.java:815)
   [junit4]    >        at 
org.apache.hadoop.util.Shell.execCommand(Shell.java:798)
   [junit4]    >        at 
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:84)
   [junit4]    >        at 
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:52)
   [junit4]    >        at 
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
   [junit4]    >        at 
org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:239)
   [junit4]    >        at 
org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:220)
   [junit4]    >        at 
org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:208)
   [junit4]    >        at 
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3599)
   [junit4]    >        at 
com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2379)
   [junit4]    >        at 
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2342)
   [junit4]    >        at 
com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2257)
   [junit4]    >        ... 31 moreThrowable #2: java.lang.NullPointerException
   [junit4]    >        at 
__randomizedtesting.SeedInfo.seed([8FC0C721DAFEABEC]:0)
   [junit4]    >        at 
org.apache.solr.cloud.TestSolrCloudWithSecureImpersonation.shutdown(TestSolrCloudWithSecureImpersonation.java:137)
   [junit4]    >        at java.lang.Thread.run(Thread.java:745)
{code}

Excerpt from http://jenkins.thetaphi.de/job/Lucene-Solr-master-Windows/6025/ 
and the complete logs are attached.

> Support Secure Impersonation / Proxy User for solr authentication
> -----------------------------------------------------------------
>
>                 Key: SOLR-9324
>                 URL: https://issues.apache.org/jira/browse/SOLR-9324
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: SolrCloud
>            Reporter: Gregory Chanan
>            Assignee: Gregory Chanan
>         Attachments: SOLR-9324.patch, SOLR-9324.patch, SOLR-9324.patch, 
> SOLR-9324_branch_6x.patch, build-6025.log
>
>
> Solr should support Proxy User / Secure Impersonation for authentication, as 
> supported by hadoop 
> (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html)
>  and supported by the hadoop AuthenticationFilter (which we use for the 
> KerberosPlugin).
> There are a number of use cases, but a common one is this:
> There is a front end for searches (say, Hue http://gethue.com/) that supports 
> its own login mechanisms.  If the cluster uses kerberos for authentication, 
> hue must have kerberos credentials for each user, which is a pain to manage.  
> Instead, hue can be allowed to impersonate known users from known machines so 
> it only needs its own kerberos credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (SOLR-9324) Support Secure Impersonation / Proxy User for solr authentication

Reply via email to