rseitz opened a new pull request, #2404: URL: https://github.com/apache/solr/pull/2404
https://issues.apache.org/jira/browse/SOLR-12813

# Description

This PR fixes an issue where subqueries don't work when basic auth is enabled. The problem surfaces when 2 or more shards are involved, and when the Solr node(s) are not started with the -Dbasicauth system property.

The root cause is that the SubQueryAugmenter discards any basic auth credentials that have been sent with the original query request. There are two separate places where basic auth credentials are lost. First, the SubQueryAugmenter's transform() method issues a subquery by calling EmbeddedSolrServer.query() without ever setting a user principal on the generated QueryRequest. Second, if we look at how EmbeddedSolrServer actually processes a QueryRequest, we see that various transformations are applied, resulting in a SolrQueryRequestBase that fails to return the user principal via getUserPrincipal() even if it had been properly set on the original QueryRequest.

# Solution

SubQueryAugment.transform() now generates a QueryRequest explicitly, so that the user principal can be set on this QueryRequest before it is processed.

EmbeddedSolrServer now attempts to preserve the user principal on a QueryRequest when generating a SolrQueryRequestBase. To do this, EmbeddedSolrServer relies on an updated buildRequestFrom() utility method in SolrRequestParsers that allows for a user principal to be provided explicitly.

# Tests

TestSubQueryTransformerDistrib has been updated to use basic auth. I have confirmed that the updated test fails without the fix, but passes with the fix. I have also manually tested the change in a 2 node cluster with two shards, where I enabled basic auth and issued a subquery successfully.

# Checklist

Please review the following and check all that apply:

- [x] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability.
- [x] I have created a Jira issue and added the issue ID to my pull request title.
- [x] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended)
- [x] I have developed this patch against the `main` branch.
- [x] I have run `./gradlew check`.
- [x] I have added tests for my changes.
- [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide)