SOLR-9481: Clearing existing global interceptors on HttpClientUtil to avoid user/pass leaks from other tests

This commit is contained in:
Jan Høydahl 2016-11-01 15:38:21 +01:00
parent 22aa34e017
commit 4383bec84c
2 changed files with 2 additions and 2 deletions

View File

@ -119,6 +119,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
final String username = credentials.substring(0, p).trim();
String pwd = credentials.substring(p + 1).trim();
if (!authenticate(username, pwd)) {
log.debug("Bad auth credentials supplied in Authorization header");
authenticationFailure(response, "Bad credentials");
} else {
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {

View File

@ -73,6 +73,7 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
instance.setUp();
jetty = createJetty(instance);
securityConfHandler = new SecurityConfHandlerLocalForTesting(jetty.getCoreContainer());
HttpClientUtil.clearRequestInterceptors(); // Clear out any old Authorization headers
}
@Override
@ -101,8 +102,6 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
securityConfHandler.persistConf(new SecurityConfHandler.SecurityConfig()
.setData(Utils.fromJSONString(STD_CONF.replaceAll("'", "\""))));
securityConfHandler.securityConfEdited();
log.debug("Newly written security.json is " + securityConfHandler.getSecurityConfig(false) +
" and baseUrl is " + baseUrl);
verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/class", "solr.BasicAuthPlugin", 20);
String command = "{\n" +