[ https://issues.apache.org/jira/browse/SOLR-9324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15409459#comment-15409459 ]
Steve Rowe commented on SOLR-9324: ---------------------------------- Another {{TestSolrCloudWithSecureImpersonation.testProxyValidateHost()}} failure from Policeman Jenkins [http://jenkins.thetaphi.de/job/Lucene-Solr-master-Linux/17468/]: {noformat} [junit4] 2> NOTE: reproduce with: ant test -Dtestcase=TestSolrCloudWithSecureImpersonation -Dtests.method=testProxyValidateHost -Dtests.seed=B596175E77DFB007 -Dtests.multiplier=3 -Dtests.slow=true -Dtests.locale=so-DJ -Dtests.timezone=Europe/Guernsey -Dtests.asserts=true -Dtests.file.encoding=US-ASCII [junit4] ERROR 0.02s J2 | TestSolrCloudWithSecureImpersonation.testProxyValidateHost <<< [junit4] > Throwable #1: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at https://127.0.0.1:37485/solr: Expected mime type application/octet-stream but got application/json. { [junit4] > "RemoteException" : { [junit4] > "message" : "Unauthorized connection for super-user: localHostAnyGroup from IP localhost.localdomain", [junit4] > "exception" : "AuthorizationException", [junit4] > "javaClassName" : "org.apache.hadoop.security.authorize.AuthorizationException" [junit4] > } [junit4] > } [junit4] > at __randomizedtesting.SeedInfo.seed([B596175E77DFB007:5068D7AF7298E4B0]:0) [junit4] > at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:576) [junit4] > at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:261) [junit4] > at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:250) [junit4] > at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219) [junit4] > at org.apache.solr.cloud.TestSolrCloudWithSecureImpersonation.testProxyValidateHost(TestSolrCloudWithSecureImpersonation.java:260) [junit4] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-ea/Native Method) [junit4] > at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base@9-ea/NativeMethodAccessorImpl.java:62) [junit4] > at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-ea/DelegatingMethodAccessorImpl.java:43) [junit4] > at java.lang.Thread.run(java.base@9-ea/Thread.java:843) {noformat} > Support Secure Impersonation / Proxy User for solr authentication > ----------------------------------------------------------------- > > Key: SOLR-9324 > URL: https://issues.apache.org/jira/browse/SOLR-9324 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: SolrCloud > Reporter: Gregory Chanan > Assignee: Gregory Chanan > Attachments: SOLR-9324.patch, SOLR-9324.patch, SOLR-9324.patch, > SOLR-9324_branch_6x.patch, build-6025.log > > > Solr should support Proxy User / Secure Impersonation for authentication, as > supported by hadoop > (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html) > and supported by the hadoop AuthenticationFilter (which we use for the > KerberosPlugin). > There are a number of use cases, but a common one is this: > There is a front end for searches (say, Hue http://gethue.com/) that supports > its own login mechanisms. If the cluster uses kerberos for authentication, > hue must have kerberos credentials for each user, which is a pain to manage. > Instead, hue can be allowed to impersonate known users from known machines so > it only needs its own kerberos credentials. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org