SOLR-9692: blockUnknown property still breaks the internode communication

2016-10-26 13:36:37 +05:30 · 2016-10-26 13:36:37 +05:30 · 6d9a99f992
parent 9303112981
commit 6d9a99f992
3 changed files with 11 additions and 15 deletions
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -372,7 +372,7 @@ Bug Fixes

 * SOLR-9389: HDFS Transaction logs stay open for writes which leaks Xceivers. (Tim Owen via Mark Miller)

-* SOLR-9188: blockUnknown property makes inter-node communication impossible (noble)
+* SOLR-9692: blockUnknown property makes inter-node communication impossible (noble)

 * SOLR-9455: Deleting a sub-shard in recovery state can mark parent shard as inactive. (shalin)

--- a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java
@ -348,27 +348,23 @@ public class SolrDispatchFilter extends BaseSolrFilter {
    if (authenticationPlugin == null) {
      return true;
    } else {
-      try {
-        if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())) return true;
-      } catch (Exception e) {
-        log.error("Unexpected error ", e);
-      }
-
-      //special case when solr is securing inter-node requests
+      // /admin/info/key must be always open. see SOLR-9188
+      // tests work only w/ getPathInfo
+      //otherwise it's just enough to have getServletPath()
+      if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getServletPath()) ||
+          PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())) return true;
      String header = ((HttpServletRequest) request).getHeader(PKIAuthenticationPlugin.HEADER);
      if (header != null && cores.getPkiAuthenticationPlugin() != null)
        authenticationPlugin = cores.getPkiAuthenticationPlugin();
      try {
        log.debug("Request to authenticate: {}, domain: {}, port: {}", request, request.getLocalName(), request.getLocalPort());
        // upon successful authentication, this should call the chain's next filter.
-        requestContinues = authenticationPlugin.doAuthenticate(request, response, new FilterChain() {
-          public void doFilter(ServletRequest req, ServletResponse rsp) throws IOException, ServletException {
-            isAuthenticated.set(true);
-            wrappedRequest.set(req);
-          }
+        requestContinues = authenticationPlugin.doAuthenticate(request, response, (req, rsp) -> {
+          isAuthenticated.set(true);
+          wrappedRequest.set(req);
        });
      } catch (Exception e) {
-        e.printStackTrace();
+        log.info("Error authenticating", e);
        throw new SolrException(ErrorCode.SERVER_ERROR, "Error during request authentication, ", e);
      }
    }
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@ -192,7 +192,7 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase {

      executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
      verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool");
-      verifySecurityStatus(cl, baseUrl + PKIAuthenticationPlugin.PATH + "?wt=json", "key", NOT_NULL_PREDICATE, 20);
+      verifySecurityStatus(cl, baseUrl + "/admin/info/key?wt=json", "key", NOT_NULL_PREDICATE, 20);

      String[] toolArgs = new String[]{
          "status", "-solr", baseUrl};