[jira] [Commented] (SOLR-14026) Upgrade Jetty to 9.4.24.v20191120 and dropwizard to 4.1.2

Mon, 09 Dec 2019 19:10:07 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-14026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16992139#comment-16992139
 ] 

Erick Erickson commented on SOLR-14026:
---------------------------------------

With both Jetty and DropWizard changes I get two reproducible failures:

*Failure 1*
 JWTAuthPluginIntegrationTest.infoRequestValidateXSolrAuthHeaders

Map<String, String> headers = getHeaders(baseUrl + "/admin/info/system", null);
 assertEquals("401", headers.get("code"));
 *assertEquals("HTTP/1.1 401 Require authentication", headers.get(null)); <-- 
FAILS,* 
 we now get: *HTTP/1.1 401 Unauthorized*
 assertEquals("Bearer realm=\"my-solr-jwt\"", headers.get("WWW-Authenticate"));
 String authData = new 
String(Base64.base64ToByteArray(headers.get("X-Solr-AuthData")), UTF_8);

*Failure 2*
 CoreAdminHandlerTest.testUloadForever

The very last line is:
 *assertTrue(rse.getMessage(), rse.getMessage().contains("Problem accessing 
/solr/corex/select"));*

which would work if I changed it to *contains("HTTP ERROR 404 Can not find: 
/solr/corex/select")*

I can make these tests pass by changing the text. My question is "is this 
related at all to all the security work?" I doubt it but thought I'd ask. 
[~rmuir] [~krisden] [~janhoy] (and anyone else), Any objection to make these 
changes?

 

BTW, the changes for jetty.xml that Kevin just made to _not_ break up lines in 
an entity are also fixed by the newer version of Jetty, so since the security 
work will _probably_ mean that people might want to change jetty.xml, I think 
that's another reason to upgrade. So I'm going to try to get this into 8.4 
absent objections.

> Upgrade Jetty to 9.4.24.v20191120 and dropwizard to 4.1.2
> ---------------------------------------------------------
>
>                 Key: SOLR-14026
>                 URL: https://issues.apache.org/jira/browse/SOLR-14026
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Erick Erickson
>            Assignee: Erick Erickson
>            Priority: Major
>
> Prompted by the linked JIRA.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to