Hello Jan, Can this one line change in UpdateRequest.java be included for 6.3 release while we continue to improve/fix the unit tests. The unit tests are also added but somehow they do not fail correctly.
We really wanted to have this change SOLR-9399 <https://issues.apache.org/jira/browse/SOLR-9399> (delete requests to include auth credentials) and SOLR-9188 (blockUnknown property...) to be in 6.3 release to be able to setup Basic Authentication in our Solr cluster. Thanks, Susheel On Fri, Oct 21, 2016 at 8:45 AM, Susheel Kumar <susheel2...@gmail.com> wrote: > and this behavior of not failing update.process() with bad credentials > only seen within the test / for the test cluster created within the > BasicAuthIntegrationTest. If I point it to external cluster, the same code > i.e. update.process() fails for bad credentials. Something is weird / > missing in test. I debugged deep to the SolrHttpClient yesterday which > ultimately sends the update POST request and it returns 200 status when > run from BasicAuthIntegrationTest while same returns 401 when point > to external cluster. Does that tells anything. Not sure if retry/PKI auth > may have any role. > > HttpSolrClient.java > > --- > > final HttpResponse response = httpClient.execute(method, ht > tpClientRequestContext); > > int httpStatus = response.getStatusLine().getStatusCode(); > > On Fri, Oct 21, 2016 at 7:59 AM, Jan Høydahl (JIRA) <j...@apache.org> > wrote: > >> >> [ https://issues.apache.org/jira/browse/SOLR-9399?page=com. >> atlassian.jira.plugin.system.issuetabpanels:comment-tabpane >> l&focusedCommentId=15594893#comment-15594893 ] >> >> Jan Høydahl commented on SOLR-9399: >> ----------------------------------- >> >> Did some more testing and managed to have the CloudSolrClient actually >> fail with 401, but only when calling update.commit() and patching >> CloudSolrClient, adding in line 799 >> {code} >> >> nonRoutableRequest.setBasicAuthCredentials(updateRequest.getBasicAuthUser(), >> updateRequest.getBasicAuthPassword()); >> {code} >> >> However, when calling update.process() the update request succeeds even >> with wrong credentials. I even verified that the doc gets added/deleted >> from the index when using wrong credentials. The process() method is using >> some retry logic, could it be that the retry succeeds using PKI auth? >> >> > Delete requests do not send credentials & fails for Basic Authentication >> > ------------------------------------------------------------ >> ------------ >> > >> > Key: SOLR-9399 >> > URL: https://issues.apache.org/jira/browse/SOLR-9399 >> > Project: Solr >> > Issue Type: Bug >> > Security Level: Public(Default Security Level. Issues are Public) >> > Components: SolrJ >> > Affects Versions: 6.0, 6.0.1, 6.x >> > Reporter: Susheel Kumar >> > Labels: security >> > >> > The getRoutes(..) func of UpdateRequest do not pass credentials to >> LBHttpSolrClient when deleteById is set while for updates it passes the >> credentials. See below code snippet >> > if (deleteById != null) { >> > >> > Iterator<Map.Entry<String,Map<String,Object>>> entries = >> deleteById.entrySet() >> > .iterator(); >> > while (entries.hasNext()) { >> > >> > Map.Entry<String,Map<String,Object>> entry = entries.next(); >> > >> > String deleteId = entry.getKey(); >> > Map<String,Object> map = entry.getValue(); >> > Long version = null; >> > if (map != null) { >> > version = (Long) map.get(VER); >> > } >> > Slice slice = router.getTargetSlice(deleteId, null, null, >> null, col); >> > if (slice == null) { >> > return null; >> > } >> > List<String> urls = urlMap.get(slice.getName()); >> > if (urls == null) { >> > return null; >> > } >> > String leaderUrl = urls.get(0); >> > LBHttpSolrClient.Req request = routes.get(leaderUrl); >> > if (request != null) { >> > UpdateRequest urequest = (UpdateRequest) request.getRequest(); >> > urequest.deleteById(deleteId, version); >> > } else { >> > UpdateRequest urequest = new UpdateRequest(); >> > urequest.setParams(params); >> > urequest.deleteById(deleteId, version); >> > urequest.setCommitWithin(getCommitWithin()); >> > request = new LBHttpSolrClient.Req(urequest, urls); >> > routes.put(leaderUrl, request); >> > } >> > } >> > } >> >> >> >> -- >> This message was sent by Atlassian JIRA >> (v6.3.4#6332) >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org >> For additional commands, e-mail: dev-h...@lucene.apache.org >> >> >
