[ https://issues.apache.org/jira/browse/SOLR-11827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cassandra Targett updated SOLR-11827:
-------------------------------------
    Component/s: Authentication

> MockAuthorizationPlugin should return 401 if no principal is specified
> ----------------------------------------------------------------------
>
>                 Key: SOLR-11827
>                 URL: https://issues.apache.org/jira/browse/SOLR-11827
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public (Default Security Level. Issues are Public)
>          Components: Authentication
>            Reporter: Varun Thacker
>            Priority: Major
>
> Let's say today if the leader sends a message to the replica and it takes more than 10s (the default TTL timeout), then PKIAuthenticationPlugin will not pass the principal and RuleBasedAuthorizationPlugin will notice this and throw a 401.
>
> {code:title=PKIAuthenticationPlugin.java|borderStyle=solid}
>     if ((receivedTime - decipher.timestamp) > MAX_VALIDITY) {
>       log.error("Invalid key request timestamp: {} , received timestamp: {} , TTL: {}", decipher.timestamp, receivedTime, MAX_VALIDITY);
>       filterChain.doFilter(request, response);
>       return true;
>     }
> {code}
>
> {code:title=RuleBasedAuthorizationPlugin.java|borderStyle=solid}
>     if (principal == null) {
>       log.info("request has come without principal. failed permission {} ", permission);
>       //this resource needs a principal but the request has come without
>       //any credential.
>       return MatchStatus.USER_REQUIRED;
>     }
> {code}
>
> I was trying to verify this with PKIAuthenticationIntegrationTest but I noticed that since this test uses MockAuthorizationPlugin, where no principal is treated as a 200, the test won't fail.
>
> So we should enhance MockAuthorizationPlugin to treat no principal as a 401 and add a test in PKIAuthenticationIntegrationTest to verify the behaviour.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
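The change the description asks for, written out as an added illustration rather than the patch that was committed for SOLR-11827 or any code from the Solr project: a test-only AuthorizationPlugin that answers 401 whenever the request arrives without a principal, so that the PKI TTL branch above (which calls filterChain.doFilter without setting a principal) makes an integration test fail instead of being accepted as 200. It assumes Solr's AuthorizationPlugin, AuthorizationContext and AuthorizationResponse types from org.apache.solr.security (AuthorizationResponse.PROMPT is the 401 response); the class name and the denyUsers field are hypothetical.

```java
package org.apache.solr.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Illustration only (added for this discussion, not the committed Solr change):
 * a mock AuthorizationPlugin that requires a principal on every request.
 *
 * Assumes the Solr AuthorizationPlugin API; the class name and the
 * denyUsers list are hypothetical.
 */
public class PrincipalRequiringMockAuthorizationPlugin implements AuthorizationPlugin {

  // Hypothetical deny list, so the mock still exercises a 403 path once a
  // principal is present (constructed sample values).
  private final Set<String> denyUsers = new HashSet<>(Arrays.asList("bad-user"));

  @Override
  public void init(Map<String, Object> initInfo) {
    // Nothing to configure for the mock.
  }

  @Override
  public AuthorizationResponse authorize(AuthorizationContext context) {
    Principal principal = context.getUserPrincipal();

    // Check for a missing principal BEFORE any allow/deny matching.
    // This is the case the TTL branch in PKIAuthenticationPlugin produces:
    // the request was forwarded down the filter chain with no principal set.
    // Mirroring RuleBasedAuthorizationPlugin's USER_REQUIRED outcome, answer
    // 401 so a test that expects 200 on an inter-node request fails loudly.
    if (principal == null) {
      return AuthorizationResponse.PROMPT; // 401
    }

    // A principal is present: apply the mock's (hypothetical) deny list.
    if (denyUsers.contains(principal.getName())) {
      return AuthorizationResponse.FORBIDDEN; // 403
    }
    return AuthorizationResponse.OK; // 200
  }

  @Override
  public void close() throws IOException {
    // No resources to release.
  }
}
```

The null check has to run before any user- or resource-based matching: if the mock first looked for a permissive rule and only then inspected the principal, a request with no credential could still match a broad allow rule and return 200, which is exactly the gap that kept PKIAuthenticationIntegrationTest from noticing the expired-TTL case. With the mock answering 401, a test that delays an inter-node request past MAX_VALIDITY can assert on the 401 the description expects.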