SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica

This commit is contained in:
Noble Paul 2019-01-02 19:44:03 +11:00
parent 7c70365811
commit 619b38a19b
4 changed files with 18 additions and 1 deletions

View File

@ -198,6 +198,8 @@ Bug Fixes
scheduled triggers not be used for very frequent operations to avoid this problem.
(ab, shalin)
* SOLR-12514: Rule-base Authorization plugin skips authorization if querying node does not have collection replica (noble)
Improvements
----------------------

View File

@ -496,6 +496,7 @@ public class HttpSolrCall {
handleAdminRequest();
return RETURN;
case REMOTEQUERY:
SolrRequestInfo.setRequestInfo(new SolrRequestInfo(solrReq, new SolrQueryResponse()));
remoteQuery(coreUrl + path, resp);
return RETURN;
case PROCESS:

View File

@ -312,6 +312,7 @@ public class TestSolrCloudWithSecureImpersonation extends SolrTestCaseJ4 {
}
@Test
@AwaitsFix(bugUrl = "https://issues.apache.org/jira/browse/SOLR-13098")
public void testForwarding() throws Exception {
String collectionName = "forwardingCollection";
miniCluster.uploadConfigSet(TEST_PATH().resolve("collection1/conf"), "conf1");

View File

@ -100,7 +100,7 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
@Test
//commented 9-Aug-2018 @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // 21-May-2018
@BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
// @BadApple(bugUrl="https://issues.apache.org/jira/browse/SOLR-12028") // annotated on: 24-Dec-2018
public void testBasicAuth() throws Exception {
boolean isUseV2Api = random().nextBoolean();
String authcPrefix = "/admin/authentication";
@ -239,6 +239,19 @@ public class BasicAuthIntegrationTest extends SolrCloudAuthTestCase {
del.setCommitWithin(10);
del.process(cluster.getSolrClient(), COLLECTION);
//Test for SOLR-12514. Create a new jetty . This jetty does not have the collection.
//Make a request to that jetty and it should fail
JettySolrRunner aNewJetty = cluster.startJettySolrRunner();
try {
del = new UpdateRequest().deleteByQuery("*:*");
del.process(aNewJetty.newClient(), COLLECTION);
fail("This should not have succeeded without credentials");
} catch (HttpSolrClient.RemoteSolrException e) {
assertTrue(e.getMessage().contains("Unauthorized request"));
} finally {
cluster.stopJettySolrRunner(aNewJetty);
}
addDocument("harry","HarryIsUberCool","id", "4");
executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");