[jira] [Commented] (CONNECTORS-1103) Add Kerberos support for all connectors that currently use NTLM
[ https://issues.apache.org/jira/browse/CONNECTORS-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756359#comment-16756359 ] Michael Osipov commented on CONNECTORS-1103: Nice you are citing my Sorceforge projects ;-) I plan add this too with an implicit {{GSSCredential}} but this should actually necessary because you can leverage a {{Subject}} insance with the private credentials and the {{doAs()}} to achieve the same. The internals of HttpClient would run in the scope of the explicit credential. > Add Kerberos support for all connectors that currently use NTLM > --- > > Key: CONNECTORS-1103 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1103 > Project: ManifoldCF > Issue Type: Improvement > Components: FileNet connector, LiveLink connector, RSS connector, > SharePoint connector, Web connector >Affects Versions: ManifoldCF 1.7.2 >Reporter: Karl Wright >Assignee: Karl Wright >Priority: Major > Fix For: ManifoldCF next > > > You can solve your local ticket store by using LoginContext and appropriate > keytabs. Obtain the GSSCredential and go. Every connection instance can act > independently. Regardless of the OS. > If you cache the subject issued by the aforementioned LoginContext, you can > always say: GssCredential#getRemainingLifetime or invoke a fresh LoginContext > as you think fit. > Unfortunately, HTTPClient does not support direct use of GSSCredential and > always assumes implicit credential. Fortunately, there are several ways to > solve that problem too. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756331#comment-16756331 ] Erlend Garåsen edited comment on CONNECTORS-1564 at 1/30/19 5:13 PM: - I have notified a Solr committer about this odd behaviour. was (Author: erlendfg): I have notified a Solr committer by this odd behaviour. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756324#comment-16756324 ] Erlend Garåsen commented on CONNECTORS-1564: I have a reason to believe that this is SolrJ related. The header does not show up in my connector's log, nor do the user agent. So I guess SolrJ overwrites the settings. This is what I configured in my connector: {code:java} HttpClientBuilder builder = HttpClients.custom(); builder.setUserAgent("ninja"); builder.setDefaultRequestConfig(RequestConfig.custom().setExpectContinueEnabled(true).build()); AuthScope scope = new AuthScope(solrUrl.getHost(), solrUrl.getPort(), solrRealm); Credentials creds = new UsernamePasswordCredentials(solrUsername, solrPassword); BasicCredentialsProvider cp = new BasicCredentialsProvider(); cp.setCredentials(scope, creds); builder.setDefaultCredentialsProvider(cp); HttpClient httpClient = builder.build(); return new HttpSolrClient.Builder() .withBaseSolrUrl(solrUrl.toString()) .withHttpClient(httpClient) .allowCompression(true).build(); }{code} The protocol version is 1.1 {code:java} DEBUG 30.01.2019 17:40:04:396 (LoggingManagedHttpClientConnection.java:onRequestSubmitted:133) - http-outgoing-0 >> GET /solr/uio/select?q=*%3A*=%28+content_no%3A%2F%5B0-9%5D%7B11%7D%2F+OR+content_en%3A%2F%5B0-9%5D%7B11%7D%2F+OR+%28content_no%3A%2F%5B0-9%5D%7B6%7D%2F+AND+content_no%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_en%3A%2F%5B0-9%5D%7B6%7D%2F+AND+content_en%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_no%3A%2F%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%2C4%7D%2F+AND+content_no%3A%2F%5B0-9%5D%7B5%7D%2F%29+OR+%28content_en%3A%2F%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%7D.%5B0-9%5D%7B2%2C4%7D%2F+AND+content_en%3A%2F%5B0-9%5D%7B5%7D%2F%29+%29+AND+acl%3A%22pseudo%3Aall%22=0=500=lucene=javabin=2 HTTP/1.1{code} The user agent has been changed and is *not* "Ninja": {code:java} DEBUG 30.01.2019 17:40:04:397 (LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) - http-outgoing-0 >> User-Agent: Solr[org.apache.solr.client.solrj.impl.HttpSolrClient] 1.0{code} And no expect continue: {code:java} DEBUG 30.01.2019 17:40:04:398 (LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) - http-outgoing-0 >> Host: solr-prod01.uio.no DEBUG 30.01.2019 17:40:04:398 (LoggingManagedHttpClientConnection.java:onRequestSubmitted:136) - http-outgoing-0 >> Connection: Keep-Alive{code} > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756331#comment-16756331 ] Erlend Garåsen commented on CONNECTORS-1564: I have notified a Solr committer by this odd behaviour. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756153#comment-16756153 ] Erlend Garåsen commented on CONNECTORS-1564: I tried to set the protocol version explicitly everywhere we were creating an instance of the HttpPost class: {noformat} postOrPut.setProtocolVersion(HttpVersion.HTTP_1_1);{noformat} But with no luck. I also tried to change the order of the builder method invocations. Maybe the source of the problem is located in the SolrJ library. I can try to refactor my own Solr connector, enable ExpectContinue and inspect the traffic. Since this connector does not override HttpSolrClient, I will be able to check whether SolrJ is the problem. [~michael-o], unfortunately I haven't got time to try your sample code yet. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756119#comment-16756119 ] Michael Osipov commented on CONNECTORS-1564: [~erlendfg], that looks very promising. Can you add the test of the successful {{POST}} request? > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756100#comment-16756100 ] Erlend Garåsen commented on CONNECTORS-1564: Yes, the expect-continue header is for HTTP1.1, so I will try what you suggested. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756074#comment-16756074 ] Karl Wright commented on CONNECTORS-1564: - The way you tell it is this: {code} request.setProtocolVersion(HttpVersion.HTTP_1_1); {code} I suspect there's a similar method in the RequestOptions builder. But I bet one of the things we're doing in the builder is convincing it that it's HTTP 1.0, and that's the problem. We need to figure out what it is. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756071#comment-16756071 ] Karl Wright commented on CONNECTORS-1564: - Oh, and I vaguely recall something -- that since the expect-continue header is for HTTP 1.1 (and not HTTP 1.0), there was code in HttpComponents/HttpClient that disabled it if the client thought it was working in an HTTP 1.0 environment. I wonder if we just need to tell it somehow that it's HTTP 1.1? > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756069#comment-16756069 ] Karl Wright commented on CONNECTORS-1564: - [~erlendfg], forcing the header would be a last resort. But we can do it if we must. However there are about a dozen connectors that rely on this functionality working properly, so I really want to know what is going wrong. Can you experiment with changing the order of the builder method invocations for HttpClient in HttpPoster? It's the only thing I can think of that might be germane. Perhaps if toString() isn't helpful, you can still inspect the property in question. Is there a getter method for useExpectContinue? > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756063#comment-16756063 ] Erlend Garåsen commented on CONNECTORS-1564: BTW, I also refactored ModifiedHttpSolrClient.java and removed all the deprecated code, but the header was still missing. By adding the header in {{executeMethod, I was able to post successfully to Solr.}} > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16756062#comment-16756062 ] Erlend Garåsen commented on CONNECTORS-1564: [~kwri...@metacarta.com] and [~michael-o]: We are getting closer. I can confirm that expect 100-continue works with Apache 2.5. I included the header in ModifiedHttpSolrClient.java this way: {{Override}} {{protected NamedList executeMethod(final HttpRequestBase method, final ResponseParser parser,}} {{ final boolean isV2Api) throws SolrServerException {}} {{ method.addHeader("Expect", "100-continue");}} {{ return super.executeMethod(method, parser, isV2Api);}} {{}}} Now I can see the following in my logs: {{DEBUG 2019-01-30T13:44:00,729 (Thread-2237) - http-outgoing-1 >> "Expect: 100-continue[\r][\n]"}} Maybe we have a bug in ModifiedHttpSolrClient.java. I wasn't able to log anything useful from httpClientBuilder. Anyway, the setup code seems reasonable. It's almost the same I have done in another Solr connector I have written. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: About publishing in mvn central repository
Hi, Here is an explanation for publishing Maven artifacts for Ant + Ivy at Apache: http://www.apache.org/dev/publishing-maven-artifacts.html#ant Kind Regards, Furkan KAMACI On Wed, Jan 30, 2019 at 3:23 PM Karl Wright wrote: > There's a ticket outstanding for this but nobody could figure out how to do > it, since the jars are built with Ant not Maven. > > If you want to work out how, please feel free to go ahead. > > Karl > > On Wed, Jan 30, 2019 at 7:08 AM Cihad Guzel wrote: > > > Hi, > > > > There aren't Manifoldcf jar packages in the mvn central repository. Maybe > > they can be published in the repository? So we can add mcf-core or other > > mfc jar packages to our projects as dependency. > > > > What do you think about that? > > > > [1] > > https://maven.apache.org/repository/guide-central-repository-upload.html > > > > > > Regards, > > Cihad Güzel > > >
Re: About publishing in mvn central repository
There's a ticket outstanding for this but nobody could figure out how to do it, since the jars are built with Ant not Maven. If you want to work out how, please feel free to go ahead. Karl On Wed, Jan 30, 2019 at 7:08 AM Cihad Guzel wrote: > Hi, > > There aren't Manifoldcf jar packages in the mvn central repository. Maybe > they can be published in the repository? So we can add mcf-core or other > mfc jar packages to our projects as dependency. > > What do you think about that? > > [1] > https://maven.apache.org/repository/guide-central-repository-upload.html > > > Regards, > Cihad Güzel >
About publishing in mvn central repository
Hi, There aren't Manifoldcf jar packages in the mvn central repository. Maybe they can be published in the repository? So we can add mcf-core or other mfc jar packages to our projects as dependency. What do you think about that? [1] https://maven.apache.org/repository/guide-central-repository-upload.html Regards, Cihad Güzel
[jira] [Commented] (CONNECTORS-1564) Support preemptive authentication to Solr connector
[ https://issues.apache.org/jira/browse/CONNECTORS-1564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16755887#comment-16755887 ] Erlend Garåsen commented on CONNECTORS-1564: [~kwri...@metacarta.com] and [~michael-o]: I will try to spend some hours on this issue this week, even though we are quite busy with other things at work. I'll start with HttpPoster.java. > Support preemptive authentication to Solr connector > --- > > Key: CONNECTORS-1564 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1564 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Reporter: Erlend Garåsen >Assignee: Karl Wright >Priority: Major > Attachments: CONNECTORS-1564.patch > > > We should post preemptively in case the Solr server requires basic > authentication. This will make the communication between ManifoldCF and Solr > much more effective instead of the following: > * Send a HTTP POST request to Solr > * Solr sends a 401 response > * Send the same request, but with a "{{Authorization: Basic}}" header > With preemptive authentication, we can send the header in the first request. -- This message was sent by Atlassian JIRA (v7.6.3#76005)