From 4383bec84c38464c60e63880ad0ba37128d261a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20H=C3=B8ydahl?=
Date: Tue, 1 Nov 2016 15:38:21 +0100
Subject: [PATCH] SOLR-9481: Clearing existing global interceptors on HttpClientUtil to avoid user/pass leaks from other tests
---
 .../src/java/org/apache/solr/security/BasicAuthPlugin.java | 1 +
 .../test/org/apache/solr/security/BasicAuthStandaloneTest.java | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
index 29a887b9488..5c0717b3f0e 100644
--- a/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java
@@ -119,6 +119,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
 final String username = credentials.substring(0, p).trim();
 String pwd = credentials.substring(p + 1).trim();
 if (!authenticate(username, pwd)) {
+ log.debug("Bad auth credentials supplied in Authorization header");
 authenticationFailure(response, "Bad credentials");
 } else {
 HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
index e5fec06db0e..7d6c4363e03 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthStandaloneTest.java
@@ -73,6 +73,7 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
 instance.setUp();
 jetty = createJetty(instance);
 securityConfHandler = new SecurityConfHandlerLocalForTesting(jetty.getCoreContainer());
+ HttpClientUtil.clearRequestInterceptors(); // Clear out any old Authorization headers
 }

 @Override
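Review bot: The new `log.debug` in the failed-`authenticate` branch of BasicAuthPlugin records that a login failed but not for whom or from where, and at debug level it is likely switched off in production, so repeated bad-credential attempts would leave little for detection to work with. Consider adding the user name and client address while still keeping `pwd` out of the message, e.g. `log.debug("Bad auth credentials supplied in Authorization header for user '{}' from {}", username, request.getRemoteAddr());`. `username` comes straight from the client's header, so strip CR/LF before logging it unless the log layout already encodes them. Whether a higher level is appropriate depends on how easily unauthenticated traffic could flood the log; the enclosing method starts and ends outside the hunk.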
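Review bot: In BasicAuthStandaloneTest's `setUp`, `HttpClientUtil.clearRequestInterceptors()` runs only after `createJetty(instance)` and the `SecurityConfHandlerLocalForTesting` constructor, so any request issued during that startup would presumably still carry an Authorization header left by an earlier test; moving the call to the first line of `setUp` would close that window. The call also wipes interceptors that the commit subject describes as global, so it treats the symptom in this one consumer: the tests that register credential interceptors should remove them in their own teardown, and this class should do the same in its `tearDown`, which is outside the hunk. I would expand the comment to `// Interceptors on HttpClientUtil are global: drop any Authorization header left by earlier tests`.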
@@ -101,8 +102,6 @@ public class BasicAuthStandaloneTest extends AbstractSolrTestCase {
 securityConfHandler.persistConf(new SecurityConfHandler.SecurityConfig()
 .setData(Utils.fromJSONString(STD_CONF.replaceAll("'", "\""))));
 securityConfHandler.securityConfEdited();
- log.debug("Newly written security.json is " + securityConfHandler.getSecurityConfig(false) +
- " and baseUrl is " + baseUrl);
 verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/class", "solr.BasicAuthPlugin", 20);

 String command = "{\n" +