From 6d9a99f99264b32cd5547dfe6f5db9862fd84bda Mon Sep 17 00:00:00 2001 From: Noble Paul Date: Wed, 26 Oct 2016 13:36:37 +0530 Subject: [PATCH] SOLR-9692: blockUnknown property still breaks the internode communication --- solr/CHANGES.txt | 2 +- .../solr/servlet/SolrDispatchFilter.java | 22 ++++++++----------- .../security/BasicAuthIntegrationTest.java | 2 +- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 8e6ee7ea19a..7dfbf397e60 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -372,7 +372,7 @@ Bug Fixes * SOLR-9389: HDFS Transaction logs stay open for writes which leaks Xceivers. (Tim Owen via Mark Miller) -* SOLR-9188: blockUnknown property makes inter-node communication impossible (noble) +* SOLR-9692: blockUnknown property makes inter-node communication impossible (noble) * SOLR-9455: Deleting a sub-shard in recovery state can mark parent shard as inactive. (shalin) diff --git a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java index b9d37292ca8..5a4cfb627fe 100644 --- a/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java +++ b/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java @@ -348,27 +348,23 @@ public class SolrDispatchFilter extends BaseSolrFilter { if (authenticationPlugin == null) { return true; } else { - try { - if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())) return true; - } catch (Exception e) { - log.error("Unexpected error ", e); - } - - //special case when solr is securing inter-node requests + // /admin/info/key must be always open. see SOLR-9188 + // tests work only w/ getPathInfo + //otherwise it's just enough to have getServletPath() + if (PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getServletPath()) || + PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo())) return true; String header = ((HttpServletRequest) request).getHeader(PKIAuthenticationPlugin.HEADER); if (header != null && cores.getPkiAuthenticationPlugin() != null) authenticationPlugin = cores.getPkiAuthenticationPlugin(); try { log.debug("Request to authenticate: {}, domain: {}, port: {}", request, request.getLocalName(), request.getLocalPort()); // upon successful authentication, this should call the chain's next filter. - requestContinues = authenticationPlugin.doAuthenticate(request, response, new FilterChain() { - public void doFilter(ServletRequest req, ServletResponse rsp) throws IOException, ServletException { - isAuthenticated.set(true); - wrappedRequest.set(req); - } + requestContinues = authenticationPlugin.doAuthenticate(request, response, (req, rsp) -> { + isAuthenticated.set(true); + wrappedRequest.set(req); }); } catch (Exception e) { - e.printStackTrace(); + log.info("Error authenticating", e); throw new SolrException(ErrorCode.SERVER_ERROR, "Error during request authentication, ", e); } } diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java index 6967b279d44..46646c7985b 100644 --- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java +++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java @@ -192,7 +192,7 @@ public class BasicAuthIntegrationTest extends SolrCloudTestCase { executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool"); verifySecurityStatus(cl, baseUrl + authcPrefix, "authentication/blockUnknown", "true", 20, "harry", "HarryIsUberCool"); - verifySecurityStatus(cl, baseUrl + PKIAuthenticationPlugin.PATH + "?wt=json", "key", NOT_NULL_PREDICATE, 20); + verifySecurityStatus(cl, baseUrl + "/admin/info/key?wt=json", "key", NOT_NULL_PREDICATE, 20); String[] toolArgs = new String[]{ "status", "-solr", baseUrl};