[
https://issues.apache.org/jira/browse/SOLR-12161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16433565#comment-16433565
]
Noble Paul commented on SOLR-12161:
-----------------------------------
the fix is as follows
The threadpool has an extra flag to signal if it is used inside solr or
outside. if it is outside Solr (in SolrJ) then don't set the PKI header.
> CloudSolrClient with basic auth enabled will update even if no credentials
> supplied
> -----------------------------------------------------------------------------------
>
> Key: SOLR-12161
> URL: https://issues.apache.org/jira/browse/SOLR-12161
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 7.3
> Reporter: Erick Erickson
> Assignee: Noble Paul
> Priority: Major
> Attachments: AuthUpdateTest.java, SOLR-12161.patch, tests.patch
>
>
> This is an offshoot of SOLR-9399. When I was writing a test, if I create a
> cluster with basic authentication set up, I can _still_ add documents to a
> collection even without credentials being set in the request.
> However, simple queries, commits etc. all fail without credentials set in the
> request.
> I'll attach a test class that illustrates the problem.
> If I use a new HttpSolrClient instead of a CloudSolrClient, then the update
> request fails as expected.
> [~noblepaul] do you have any insight here? Possibly something with splitting
> up the update request to go to each individual shard?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
