[jira] [Commented] (CONNECTORS-1103) Add Kerberos support for all connectors that currently use NTLM
[
https://issues.apache.org/jira/browse/CONNECTORS-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756359#comment-16756359
]
Michael Osipov commented on CONNECTORS-1103:
Nice you are citing my Sorceforge projects ;-) I plan add this too with an
implicit {{GSSCredential}} but this should actually necessary because you can
leverage a {{Subject}} insance with the private credentials and the {{doAs()}}
to achieve the same. The internals of HttpClient would run in the scope of the
explicit credential.
> Add Kerberos support for all connectors that currently use NTLM
> ---
>
> Key: CONNECTORS-1103
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1103
> Project: ManifoldCF
> Issue Type: Improvement
> Components: FileNet connector, LiveLink connector, RSS connector,
> SharePoint connector, Web connector
>Affects Versions: ManifoldCF 1.7.2
>Reporter: Karl Wright
>Assignee: Karl Wright
>Priority: Major
> Fix For: ManifoldCF next
>
>
> You can solve your local ticket store by using LoginContext and appropriate
> keytabs. Obtain the GSSCredential and go. Every connection instance can act
> independently. Regardless of the OS.
> If you cache the subject issued by the aforementioned LoginContext, you can
> always say: GssCredential#getRemainingLifetime or invoke a fresh LoginContext
> as you think fit.
> Unfortunately, HTTPClient does not support direct use of GSSCredential and
> always assumes implicit credential. Fortunately, there are several ways to
> solve that problem too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756331#comment-16756331
]
Erlend Garåsen edited comment on CONNECTORS-1564 at 1/30/19 5:13 PM:
-
I have notified a Solr committer about this odd behaviour.
was (Author: erlendfg):
I have notified a Solr committer by this odd behaviour.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756324#comment-16756324
]
Erlend Garåsen commented on CONNECTORS-1564:
I have a reason to believe that this is SolrJ related. The header does not show
up in my connector's log, nor do the user agent. So I guess SolrJ overwrites
the settings. This is what I configured in my connector:
{code:java}
HttpClientBuilder builder = HttpClients.custom();
builder.setUserAgent("ninja");
builder.setDefaultRequestConfig(RequestConfig.custom().setExpectContinueEnabled(true).build());
AuthScope scope = new AuthScope(solrUrl.getHost(), solrUrl.getPort(),
solrRealm);
Credentials creds = new UsernamePasswordCredentials(solrUsername,
solrPassword);
BasicCredentialsProvider cp = new BasicCredentialsProvider();
cp.setCredentials(scope, creds);
builder.setDefaultCredentialsProvider(cp);
HttpClient httpClient = builder.build();
return new HttpSolrClient.Builder()
.withBaseSolrUrl(solrUrl.toString())
.withHttpClient(httpClient)
.allowCompression(true).build();
}{code}
The protocol version is 1.1
{code:java}
DEBUG 30.01.2019 17:40:04:396
(LoggingManagedHttpClientConnection.java:onRequestSubmitted:133) -
http-outgoing-0 >> GET
/solr/uio/select?q=*%3A*=%28+content_no%3A%2F%5B0-9%5D%7B11%7D%2F+OR+content_en%3A%2F%5B0-9%5D%7B11%7D%2F+OR+%28content_no%3A%2F%5B0-9%5D%7B6%7D%2F+AND+content_no%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_en%3A%2F%5B0-9%5D%7B6%7D%2F+AND+content_en%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_no%3A%2F%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%2C4%7D%2F+AND+content_no%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_en%3A%2F%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%2C4%7D%2F+AND+content_en%3A%2F%5B0-9%5D%7B5%7D%2F%29+%29+AND+acl%3A%22pseudo%3Aall%22=0=500=lucene=javabin=2
HTTP/1.1{code}
The user agent has been changed and is *not* "Ninja":
{code:java}
DEBUG 30.01.2019 17:40:04:397
(LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) -
http-outgoing-0 >> User-Agent:
Solr[org.apache.solr.client.solrj.impl.HttpSolrClient] 1.0{code}
And no expect continue:
{code:java}
DEBUG 30.01.2019 17:40:04:398
(LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) -
http-outgoing-0 >> Host: solr-prod01.uio.no
DEBUG 30.01.2019 17:40:04:398
(LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) -
http-outgoing-0 >> Connection: Keep-Alive{code}
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756331#comment-16756331
]
Erlend Garåsen commented on CONNECTORS-1564:
I have notified a Solr committer by this odd behaviour.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756153#comment-16756153
]
Erlend Garåsen commented on CONNECTORS-1564:
I tried to set the protocol version explicitly everywhere we were creating an
instance of the HttpPost class:
{noformat}
postOrPut.setProtocolVersion(HttpVersion.HTTP_1_1);{noformat}
But with no luck. I also tried to change the order of the builder method
invocations. Maybe the source of the problem is located in the SolrJ library. I
can try to refactor my own Solr connector, enable ExpectContinue and inspect
the traffic. Since this connector does not override HttpSolrClient, I will be
able to check whether SolrJ is the problem.
[~michael-o], unfortunately I haven't got time to try your sample code yet.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756119#comment-16756119
]
Michael Osipov commented on CONNECTORS-1564:
[~erlendfg], that looks very promising. Can you add the test of the successful
{{POST}} request?
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756100#comment-16756100
]
Erlend Garåsen commented on CONNECTORS-1564:
Yes, the expect-continue header is for HTTP1.1, so I will try what you
suggested.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756074#comment-16756074
]
Karl Wright commented on CONNECTORS-1564:
-
The way you tell it is this:
{code}
request.setProtocolVersion(HttpVersion.HTTP_1_1);
{code}
I suspect there's a similar method in the RequestOptions builder. But I bet
one of the things we're doing in the builder is convincing it that it's HTTP
1.0, and that's the problem. We need to figure out what it is.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756071#comment-16756071
]
Karl Wright commented on CONNECTORS-1564:
-
Oh, and I vaguely recall something -- that since the expect-continue header is
for HTTP 1.1 (and not HTTP 1.0), there was code in HttpComponents/HttpClient
that disabled it if the client thought it was working in an HTTP 1.0
environment. I wonder if we just need to tell it somehow that it's HTTP 1.1?
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756069#comment-16756069
]
Karl Wright commented on CONNECTORS-1564:
-
[~erlendfg], forcing the header would be a last resort. But we can do it if we
must. However there are about a dozen connectors that rely on this
functionality working properly, so I really want to know what is going wrong.
Can you experiment with changing the order of the builder method invocations
for HttpClient in HttpPoster? It's the only thing I can think of that might be
germane. Perhaps if toString() isn't helpful, you can still inspect the
property in question. Is there a getter method for useExpectContinue?
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756063#comment-16756063
]
Erlend Garåsen commented on CONNECTORS-1564:
BTW, I also refactored ModifiedHttpSolrClient.java and removed all the
deprecated code, but the header was still missing. By adding the header in
{{executeMethod, I was able to post successfully to Solr.}}
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756062#comment-16756062
]
Erlend Garåsen commented on CONNECTORS-1564:
[~kwri...@metacarta.com] and [~michael-o]: We are getting closer. I can confirm
that expect 100-continue works with Apache 2.5. I included the header in
ModifiedHttpSolrClient.java this way:
{{Override}}
{{protected NamedList executeMethod(final HttpRequestBase method, final
ResponseParser parser,}}
{{ final boolean isV2Api) throws SolrServerException {}}
{{ method.addHeader("Expect", "100-continue");}}
{{ return super.executeMethod(method, parser, isV2Api);}}
{{}}}
Now I can see the following in my logs:
{{DEBUG 2019-01-30T13:44:00,729 (Thread-2237) - http-outgoing-1 >> "Expect:
100-continue[\r][\n]"}}
Maybe we have a bug in ModifiedHttpSolrClient.java. I wasn't able to log
anything useful from httpClientBuilder. Anyway, the setup code seems
reasonable. It's almost the same I have done in another Solr connector I have
written.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Re: About publishing in mvn central repository
Hi, Here is an explanation for publishing Maven artifacts for Ant + Ivy at Apache: http://www.apache.org/dev/publishing-maven-artifacts.html#ant Kind Regards, Furkan KAMACI On Wed, Jan 30, 2019 at 3:23 PM Karl Wright wrote: > There's a ticket outstanding for this but nobody could figure out how to do > it, since the jars are built with Ant not Maven. > > If you want to work out how, please feel free to go ahead. > > Karl > > On Wed, Jan 30, 2019 at 7:08 AM Cihad Guzel wrote: > > > Hi, > > > > There aren't Manifoldcf jar packages in the mvn central repository. Maybe > > they can be published in the repository? So we can add mcf-core or other > > mfc jar packages to our projects as dependency. > > > > What do you think about that? > > > > [1] > > https://maven.apache.org/repository/guide-central-repository-upload.html > > > > > > Regards, > > Cihad Güzel > > >
Re: About publishing in mvn central repository
There's a ticket outstanding for this but nobody could figure out how to do it, since the jars are built with Ant not Maven. If you want to work out how, please feel free to go ahead. Karl On Wed, Jan 30, 2019 at 7:08 AM Cihad Guzel wrote: > Hi, > > There aren't Manifoldcf jar packages in the mvn central repository. Maybe > they can be published in the repository? So we can add mcf-core or other > mfc jar packages to our projects as dependency. > > What do you think about that? > > [1] > https://maven.apache.org/repository/guide-central-repository-upload.html > > > Regards, > Cihad Güzel >
About publishing in mvn central repository
Hi, There aren't Manifoldcf jar packages in the mvn central repository. Maybe they can be published in the repository? So we can add mcf-core or other mfc jar packages to our projects as dependency. What do you think about that? [1] https://maven.apache.org/repository/guide-central-repository-upload.html Regards, Cihad Güzel
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[
https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755887#comment-16755887
]
Erlend Garåsen commented on CONNECTORS-1564:
[~kwri...@metacarta.com] and [~michael-o]: I will try to spend some hours on
this issue this week, even though we are quite busy with other things at work.
I'll start with HttpPoster.java.
> Support preemptive authentication to Solr connector
> ---
>
> Key: CONNECTORS-1564
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1564
> Project: ManifoldCF
> Issue Type: Improvement
> Components: Lucene/SOLR connector
>Reporter: Erlend Garåsen
>Assignee: Karl Wright
>Priority: Major
> Attachments: CONNECTORS-1564.patch
>
>
> We should post preemptively in case the Solr server requires basic
> authentication. This will make the communication between ManifoldCF and Solr
> much more effective instead of the following:
> * Send a HTTP POST request to Solr
> * Solr sends a 401 response
> * Send the same request, but with a "{{Authorization: Basic}}" header
> With preemptive authentication, we can send the header in the first request.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
