subject:"\[jira\] \[Commented\] \(SOLR\-9399\) Delete requests do not send credentials \& fails for Basic Authentication"

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-11-15 Thread Erick Erickson (JIRA)



[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16689005#comment-16689005
 ] 

Erick Erickson commented on SOLR-9399:
--

It's highly unlikely that this would cause an official re-spin of Solr, You'll 
have to apply the patch to a 6x branch of Solr and build it locally.

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
> Fix For: 7.4, master (8.0)
>
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-11-15 Thread Jeff Walraven (JIRA)



[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16688890#comment-16688890
 ] 

Jeff Walraven commented on SOLR-9399:
-

Could we get this patch applied to major version 6 as well?

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
> Fix For: 7.4, master (8.0)
>
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread Erick Erickson (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422717#comment-16422717
 ] 

Erick Erickson commented on SOLR-9399:
--

Closing this one, SOLR-12161 has the spin-off where updates succeed without 
credentials that was causing all the test problems.

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422716#comment-16422716
 ] 

ASF subversion and git services commented on SOLR-9399:
---

Commit ade301bd0daed28dc7601d5bd2b460bc076c989f in lucene-solr's branch 
refs/heads/master from Erick
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ade301b ]

SOLR-9399: Delete requests do not send credentials & fails for Basic 
Authentication (CHANGES.txt)


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422714#comment-16422714
 ] 

ASF subversion and git services commented on SOLR-9399:
---

Commit ffd46c8a7fde20aae3b8e62d87d3825dc562f414 in lucene-solr's branch 
refs/heads/branch_7x from Erick
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ffd46c8 ]

SOLR-9399: Delete requests do not send credentials & fails for Basic 
Authentication (CHANGES.txt)

(cherry picked from commit ade301b)


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422713#comment-16422713
 ] 

Jan Høydahl commented on SOLR-9399:
---

Thanks Erick!

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422711#comment-16422711
 ] 

ASF subversion and git services commented on SOLR-9399:
---

Commit b217f517f9e023ca113a7b288e36b9485200d653 in lucene-solr's branch 
refs/heads/branch_7x from Erick
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=b217f51 ]

SOLR-9399: Delete requests do not send credentials & fails for Basic 
Authentication

(cherry picked from commit d2cb6ad)


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2018-04-02 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422704#comment-16422704
 ] 

ASF subversion and git services commented on SOLR-9399:
---

Commit d2cb6adde9ef1b3d6599cb39de0285e86611bef0 in lucene-solr's branch 
refs/heads/master from Erick
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=d2cb6ad ]

SOLR-9399: Delete requests do not send credentials & fails for Basic 
Authentication


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>Assignee: Erick Erickson
>Priority: Major
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2017-04-24 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15980798#comment-15980798
 ] 

Jan Høydahl commented on SOLR-9399:
---

How does this issue compare to SOLR-10453? Will this 
{{request.setBasicAuthCredentials}} eventually go away? [~gerlowskija]

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2017-04-24 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15980778#comment-15980778
 ] 

Jan Høydahl commented on SOLR-9399:
---

Anyone who is able to write a failing test for this issue so it can be fixed 
for next version? [~susheel2...@gmail.com] [~romseygeek]

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-31 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15622084#comment-15622084
 ] 

Jan Høydahl commented on SOLR-9399:
---

I think this won't make it for 6.3 unless someone can get the unit test straight

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-27 Thread Susheel Kumar

Hello Jan,

Can this one line change in UpdateRequest.java be included for 6.3 release
while we continue to improve/fix the unit tests.  The unit tests are also
added but somehow they do not fail correctly.

We really wanted to have this change SOLR-9399
 (delete requests to
include auth credentials) and SOLR-9188 (blockUnknown property...) to be in
6.3 release to be able to setup Basic Authentication in our Solr cluster.

Thanks,
Susheel

On Fri, Oct 21, 2016 at 8:45 AM, Susheel Kumar 
wrote:

> and this behavior of not failing update.process() with bad credentials
> only seen within the test / for the test cluster created within the
> BasicAuthIntegrationTest.  If I point it to external cluster, the same code
>  i.e. update.process() fails for bad credentials.  Something is weird /
> missing in test.  I debugged deep to the SolrHttpClient yesterday which
> ultimately sends the update POST request  and it returns 200 status when
> run from BasicAuthIntegrationTest while same returns 401 when point
> to external cluster.  Does that tells anything. Not sure if retry/PKI auth
> may have any role.
>
> HttpSolrClient.java
>
> ---
>
>  final HttpResponse response = httpClient.execute(method, ht
> tpClientRequestContext);
>
>  int httpStatus = response.getStatusLine().getStatusCode();
>
> On Fri, Oct 21, 2016 at 7:59 AM, Jan Høydahl (JIRA) 
> wrote:
>
>>
>> [ https://issues.apache.org/jira/browse/SOLR-9399?page=com.
>> atlassian.jira.plugin.system.issuetabpanels:comment-tabpane
>> l=15594893#comment-15594893 ]
>>
>> Jan Høydahl commented on SOLR-9399:
>> ---
>>
>> Did some more testing and managed to have the CloudSolrClient actually
>> fail with 401, but only when calling update.commit() and patching
>> CloudSolrClient, adding in line 799
>> {code}
>> 
>> nonRoutableRequest.setBasicAuthCredentials(updateRequest.getBasicAuthUser(),
>> updateRequest.getBasicAuthPassword());
>> {code}
>>
>> However, when calling update.process() the update request succeeds even
>> with wrong credentials. I even verified that the doc gets added/deleted
>> from the index when using wrong credentials. The process() method is using
>> some retry logic, could it be that the retry succeeds using PKI auth?
>>
>> > Delete requests do not send credentials & fails for Basic Authentication
>> > 
>> 
>> >
>> > Key: SOLR-9399
>> > URL: https://issues.apache.org/jira/browse/SOLR-9399
>> > Project: Solr
>> >  Issue Type: Bug
>> >  Security Level: Public(Default Security Level. Issues are Public)
>> >  Components: SolrJ
>> >Affects Versions: 6.0, 6.0.1, 6.x
>> >Reporter: Susheel Kumar
>> >  Labels: security
>> >
>> > The getRoutes(..) func of UpdateRequest do not pass credentials to
>> LBHttpSolrClient when deleteById is set while for updates it passes the
>> credentials.  See below code snippet
>> >   if (deleteById != null) {
>> >
>> >   Iterator>> entries =
>> deleteById.entrySet()
>> >   .iterator();
>> >   while (entries.hasNext()) {
>> >
>> > Map.Entry> entry = entries.next();
>> >
>> > String deleteId = entry.getKey();
>> > Map map = entry.getValue();
>> > Long version = null;
>> > if (map != null) {
>> >   version = (Long) map.get(VER);
>> > }
>> > Slice slice = router.getTargetSlice(deleteId, null, null,
>> null, col);
>> > if (slice == null) {
>> >   return null;
>> > }
>> > List urls = urlMap.get(slice.getName());
>> > if (urls == null) {
>> >   return null;
>> > }
>> > String leaderUrl = urls.get(0);
>> > LBHttpSolrClient.Req request = routes.get(leaderUrl);
>> > if (request != null) {
>> >   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>> >   urequest.deleteById(deleteId, version);
>> > } else {
>> >   UpdateRequest urequest = new UpdateRequest();
>> >   urequest.setParams(params);
>> >   urequest.deleteById(deleteId, version);
>> >   urequest.setCommitWithin(getCommitWithin());
>> >   request = new LBHttpSolrClient.Req(urequest, urls);
>> >   routes.put(leaderUrl, request);
>> > }
>> >   }
>> > }
>>
>>
>>
>> --
>> This message was sent by Atlassian JIRA
>> (v6.3.4#6332)
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> For additional commands, e-mail: dev-h...@lucene.apache.org
>>
>>
>

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-21 Thread Susheel Kumar

and this behavior of not failing update.process() with bad credentials only
seen within the test / for the test cluster created within the
BasicAuthIntegrationTest.  If I point it to external cluster, the same code
 i.e. update.process() fails for bad credentials.  Something is weird /
missing in test.  I debugged deep to the SolrHttpClient yesterday which
ultimately sends the update POST request  and it returns 200 status when
run from BasicAuthIntegrationTest while same returns 401 when point
to external cluster.  Does that tells anything. Not sure if retry/PKI auth
may have any role.

HttpSolrClient.java

---

 final HttpResponse response = httpClient.execute(method,
httpClientRequestContext);

 int httpStatus = response.getStatusLine().getStatusCode();

On Fri, Oct 21, 2016 at 7:59 AM, Jan Høydahl (JIRA)  wrote:

>
> [ https://issues.apache.org/jira/browse/SOLR-9399?page=
> com.atlassian.jira.plugin.system.issuetabpanels:comment-
> tabpanel=15594893#comment-15594893 ]
>
> Jan Høydahl commented on SOLR-9399:
> ---
>
> Did some more testing and managed to have the CloudSolrClient actually
> fail with 401, but only when calling update.commit() and patching
> CloudSolrClient, adding in line 799
> {code}
> 
> nonRoutableRequest.setBasicAuthCredentials(updateRequest.getBasicAuthUser(),
> updateRequest.getBasicAuthPassword());
> {code}
>
> However, when calling update.process() the update request succeeds even
> with wrong credentials. I even verified that the doc gets added/deleted
> from the index when using wrong credentials. The process() method is using
> some retry logic, could it be that the retry succeeds using PKI auth?
>
> > Delete requests do not send credentials & fails for Basic Authentication
> > 
> >
> > Key: SOLR-9399
> > URL: https://issues.apache.org/jira/browse/SOLR-9399
> > Project: Solr
> >  Issue Type: Bug
> >  Security Level: Public(Default Security Level. Issues are Public)
> >  Components: SolrJ
> >Affects Versions: 6.0, 6.0.1, 6.x
> >Reporter: Susheel Kumar
> >  Labels: security
> >
> > The getRoutes(..) func of UpdateRequest do not pass credentials to
> LBHttpSolrClient when deleteById is set while for updates it passes the
> credentials.  See below code snippet
> >   if (deleteById != null) {
> >
> >   Iterator>> entries =
> deleteById.entrySet()
> >   .iterator();
> >   while (entries.hasNext()) {
> >
> > Map.Entry> entry = entries.next();
> >
> > String deleteId = entry.getKey();
> > Map map = entry.getValue();
> > Long version = null;
> > if (map != null) {
> >   version = (Long) map.get(VER);
> > }
> > Slice slice = router.getTargetSlice(deleteId, null, null, null,
> col);
> > if (slice == null) {
> >   return null;
> > }
> > List urls = urlMap.get(slice.getName());
> > if (urls == null) {
> >   return null;
> > }
> > String leaderUrl = urls.get(0);
> > LBHttpSolrClient.Req request = routes.get(leaderUrl);
> > if (request != null) {
> >   UpdateRequest urequest = (UpdateRequest) request.getRequest();
> >   urequest.deleteById(deleteId, version);
> > } else {
> >   UpdateRequest urequest = new UpdateRequest();
> >   urequest.setParams(params);
> >   urequest.deleteById(deleteId, version);
> >   urequest.setCommitWithin(getCommitWithin());
> >   request = new LBHttpSolrClient.Req(urequest, urls);
> >   routes.put(leaderUrl, request);
> > }
> >   }
> > }
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-21 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15594893#comment-15594893
 ] 

Jan Høydahl commented on SOLR-9399:
---

Did some more testing and managed to have the CloudSolrClient actually fail 
with 401, but only when calling update.commit() and patching CloudSolrClient, 
adding in line 799
{code}

nonRoutableRequest.setBasicAuthCredentials(updateRequest.getBasicAuthUser(), 
updateRequest.getBasicAuthPassword());
{code}

However, when calling update.process() the update request succeeds even with 
wrong credentials. I even verified that the doc gets added/deleted from the 
index when using wrong credentials. The process() method is using some retry 
logic, could it be that the retry succeeds using PKI auth?

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread Susheel Kumar

Hi Jan, Alan,

I am having same issue, unable to make the delete/update/query tests fails
for basic authentication. Interestingly after setting up cluster,
collection and upload of security.json within the test and putting a
breakpoint, if i open the URL
"http://127.0.0.1:/solr/admin/authentication
thru browser / rest client it asks for credential but somehow the
HttpClient returns 200 even though with incorrect credential.

I thought HttpClient may be caching but it doesn't look like.  Here is the
updated pull request https://github.com/apache/lucene-solr/pull/69/files

Also the same code works if I point to my dev solr cluster/instance but
within test it doesn't.

HttpSolrClient.java

---

 final HttpResponse response = httpClient.execute(method,
httpClientRequestContext);

 int httpStatus = response.getStatusLine().getStatusCode();

On Thu, Oct 20, 2016 at 11:09 AM, Susheel Kumar (JIRA) 
wrote:

>
> [ https://issues.apache.org/jira/browse/SOLR-9399?page=
> com.atlassian.jira.plugin.system.issuetabpanels:comment-
> tabpanel=15592078#comment-15592078 ]
>
> Susheel Kumar commented on SOLR-9399:
> -
>
> I recall something similar experience but let me again look after test has
> been refactored to make it fail first.
>
>
>
>
> > Delete requests do not send credentials & fails for Basic Authentication
> > 
> >
> > Key: SOLR-9399
> > URL: https://issues.apache.org/jira/browse/SOLR-9399
> > Project: Solr
> >  Issue Type: Bug
> >  Security Level: Public(Default Security Level. Issues are Public)
> >  Components: SolrJ
> >Affects Versions: 6.0, 6.0.1, 6.x
> >Reporter: Susheel Kumar
> >  Labels: security
> >
> > The getRoutes(..) func of UpdateRequest do not pass credentials to
> LBHttpSolrClient when deleteById is set while for updates it passes the
> credentials.  See below code snippet
> >   if (deleteById != null) {
> >
> >   Iterator>> entries =
> deleteById.entrySet()
> >   .iterator();
> >   while (entries.hasNext()) {
> >
> > Map.Entry> entry = entries.next();
> >
> > String deleteId = entry.getKey();
> > Map map = entry.getValue();
> > Long version = null;
> > if (map != null) {
> >   version = (Long) map.get(VER);
> > }
> > Slice slice = router.getTargetSlice(deleteId, null, null, null,
> col);
> > if (slice == null) {
> >   return null;
> > }
> > List urls = urlMap.get(slice.getName());
> > if (urls == null) {
> >   return null;
> > }
> > String leaderUrl = urls.get(0);
> > LBHttpSolrClient.Req request = routes.get(leaderUrl);
> > if (request != null) {
> >   UpdateRequest urequest = (UpdateRequest) request.getRequest();
> >   urequest.deleteById(deleteId, version);
> > } else {
> >   UpdateRequest urequest = new UpdateRequest();
> >   urequest.setParams(params);
> >   urequest.deleteById(deleteId, version);
> >   urequest.setCommitWithin(getCommitWithin());
> >   request = new LBHttpSolrClient.Req(urequest, urls);
> >   routes.put(leaderUrl, request);
> > }
> >   }
> > }
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread Susheel Kumar (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15592077#comment-15592077
 ] 

Susheel Kumar commented on SOLR-9399:
-

I recall something similar experience but let me again look after test has
been refactored to make it fail first.




> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread Susheel Kumar (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15592078#comment-15592078
 ] 

Susheel Kumar commented on SOLR-9399:
-

I recall something similar experience but let me again look after test has
been refactored to make it fail first.




> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread JIRA


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15591884#comment-15591884
 ] 

Jan Høydahl commented on SOLR-9399:
---

I tested manually that your fix works, and started carving out a test case, but 
failed to have the deleteById test fail :(
Here was my work-in-progress 
https://github.com/cominvent/lucene-solr/commit/740c8248fe3ad879b290a97d798468c64ceb68ec
 I could not even get the add document command to fail

> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread Susheel Kumar

Sure, let me look into the tests.

On Thu, Oct 20, 2016 at 9:06 AM, ASF GitHub Bot (JIRA) 
wrote:

>
> [ https://issues.apache.org/jira/browse/SOLR-9399?page=
> com.atlassian.jira.plugin.system.issuetabpanels:comment-
> tabpanel=15591769#comment-15591769 ]
>
> ASF GitHub Bot commented on SOLR-9399:
> --
>
> Github user romseygeek commented on the issue:
>
> https://github.com/apache/lucene-solr/pull/69
>
> Hi,
>
> BasicAuthIntegrationTest has been refactored since you opened this
> request, do you think you could try adding a test case in there now?
>
>
> > Delete requests do not send credentials & fails for Basic Authentication
> > 
> >
> > Key: SOLR-9399
> > URL: https://issues.apache.org/jira/browse/SOLR-9399
> > Project: Solr
> >  Issue Type: Bug
> >  Security Level: Public(Default Security Level. Issues are Public)
> >  Components: SolrJ
> >Affects Versions: 6.0, 6.0.1, 6.x
> >Reporter: Susheel Kumar
> >  Labels: security
> >
> > The getRoutes(..) func of UpdateRequest do not pass credentials to
> LBHttpSolrClient when deleteById is set while for updates it passes the
> credentials.  See below code snippet
> >   if (deleteById != null) {
> >
> >   Iterator>> entries =
> deleteById.entrySet()
> >   .iterator();
> >   while (entries.hasNext()) {
> >
> > Map.Entry> entry = entries.next();
> >
> > String deleteId = entry.getKey();
> > Map map = entry.getValue();
> > Long version = null;
> > if (map != null) {
> >   version = (Long) map.get(VER);
> > }
> > Slice slice = router.getTargetSlice(deleteId, null, null, null,
> col);
> > if (slice == null) {
> >   return null;
> > }
> > List urls = urlMap.get(slice.getName());
> > if (urls == null) {
> >   return null;
> > }
> > String leaderUrl = urls.get(0);
> > LBHttpSolrClient.Req request = routes.get(leaderUrl);
> > if (request != null) {
> >   UpdateRequest urequest = (UpdateRequest) request.getRequest();
> >   urequest.deleteById(deleteId, version);
> > } else {
> >   UpdateRequest urequest = new UpdateRequest();
> >   urequest.setParams(params);
> >   urequest.deleteById(deleteId, version);
> >   urequest.setCommitWithin(getCommitWithin());
> >   request = new LBHttpSolrClient.Req(urequest, urls);
> >   routes.put(leaderUrl, request);
> > }
> >   }
> > }
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15591769#comment-15591769
 ] 

ASF GitHub Bot commented on SOLR-9399:
--

Github user romseygeek commented on the issue:

https://github.com/apache/lucene-solr/pull/69
  
Hi,

BasicAuthIntegrationTest has been refactored since you opened this request, 
do you think you could try adding a test case in there now?


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

2016-10-20 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15591733#comment-15591733
 ] 

ASF GitHub Bot commented on SOLR-9399:
--

Github user susheelks commented on the issue:

https://github.com/apache/lucene-solr/pull/69
  
Hello,

Can this pull request be merged and committed that it can be part of Solr 
6.3 release.  This is a simple one line addition to pass auth credentials 
during a delete request on SolrJ side. If this has already been merged, can we 
close this JIRA.

Thanks,
Susheel


> Delete requests do not send credentials & fails for Basic Authentication
> 
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
>  Issue Type: Bug
>  Security Level: Public(Default Security Level. Issues are Public) 
>  Components: SolrJ
>Affects Versions: 6.0, 6.0.1, 6.x
>Reporter: Susheel Kumar
>  Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to 
> LBHttpSolrClient when deleteById is set while for updates it passes the 
> credentials.  See below code snippet
>   if (deleteById != null) {
>   
>   Iterator>> entries = 
> deleteById.entrySet()
>   .iterator();
>   while (entries.hasNext()) {
> 
> Map.Entry> entry = entries.next();
> 
> String deleteId = entry.getKey();
> Map map = entry.getValue();
> Long version = null;
> if (map != null) {
>   version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
>   return null;
> }
> List urls = urlMap.get(slice.getName());
> if (urls == null) {
>   return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
>   UpdateRequest urequest = (UpdateRequest) request.getRequest();
>   urequest.deleteById(deleteId, version);
> } else {
>   UpdateRequest urequest = new UpdateRequest();
>   urequest.setParams(params);
>   urequest.deleteById(deleteId, version);
>   urequest.setCommitWithin(getCommitWithin());
>   request = new LBHttpSolrClient.Req(urequest, urls);
>   routes.put(leaderUrl, request);
> }
>   }
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

Re: [jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

[jira] [Commented] (SOLR-9399) Delete requests do not send credentials & fails for Basic Authentication

21 matches

Site Navigation

Mail list logo

Footer information