dolphinium opened a new pull request, #89: URL: https://github.com/apache/solr-mcp/pull/89
## Summary Two small, focused changes that together let the MCP server talk to authenticated, standalone Solr deployments out of the box: 1. **`feat(config)`: optional HTTP Basic Authentication.** Adds `solr.username` / `solr.password` configuration properties (bound from `SOLR_USERNAME` / `SOLR_PASSWORD` env vars). When both are set, credentials are applied via `HttpJdkSolrClient.Builder#withBasicAuthCredentials`; otherwise the client is built exactly as before. 2. **`fix(config)`: tolerate `text/plain` responses.** Some Solr request handlers (notably `/admin/ping` and a number of standalone-mode paths) return JSON-encoded bodies with `Content-Type: text/plain`. SolrJ validates the header against the parser's advertised content types, so these otherwise-valid responses surface through MCP tools (`check-health`, `search`, …) as errors like `Expected mime type in [application/json] but got text/plain`. Widening `JsonResponseParser#getContentTypes()` to advertise both types fixes this with no behaviour change for handlers that already return `application/json`. The two commits are kept separate so they can be reviewed (or reverted) independently; happy to split into two PRs if preferred. ## Motivation Tested end-to-end against a production, Basic-auth-protected, classic-mode Solr reached through an SSH tunnel: - Before: every tool call returned `401 require authentication`; once credentials were wired in, several handlers still failed the Content-Type check. - After: `check-health`, `search`, `get-schema`, etc. all succeed against real cores (standalone mode; `list-collections` remains SolrCloud-only — out of scope here). ## Changes - `SolrConfigurationProperties`: add nullable `username` and `password` record components (JSpecify `@Nullable`); expanded JavaDoc. - `SolrConfig#solrClient`: apply `withBasicAuthCredentials` when both credentials are present and username is non-blank. - `JsonResponseParser#getContentTypes`: advertise `application/json` and `text/plain`. - Docs: `dev-docs/ARCHITECTURE.md` and `dev-docs/DEVELOPMENT.md` list the two new env vars next to `SOLR_URL`. ## Tests - `SolrConfigAuthTest` (new): 5 cases covering none / username-only / password-only / blank-username / both — asserts via reflection on `HttpSolrClientBase#basicAuthAuthorizationStr`. - `JsonResponseParserContentTypesTest` (new): pins the advertised Content-Type set. - `SolrConfigUrlNormalizationTest`: updated to the new record constructor. - `./gradlew build` passes locally (Spotless + NullAway + full unit test suite). ## Test plan - [x] `./gradlew spotlessCheck` - [x] `./gradlew build` (unit tests) - [x] Manual end-to-end against an authenticated classic-mode Solr 9.x over an SSH tunnel ## Notes - No new runtime dependencies. - Behaviour is strictly backwards-compatible: existing deployments that set neither variable are unchanged. - Signed off under DCO; commits follow Conventional Commits per `CONTRIBUTING.md`. Co-authored-by: Claude <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
