From 91a6c31d779364b6e08a58cd3b319b69e73ba32f Mon Sep 17 00:00:00 2001
From: Noble Paul
Date: Fri, 16 Oct 2015 16:57:05 +0000
Subject: [PATCH] SOLR-8167: Authorization framework does not work with POST params
git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1709056 13f79535-47bb-0310-9956-ffa450edef68
---
 solr/CHANGES.txt | 3 +++
 .../apache/solr/security/RuleBasedAuthorizationPlugin.java | 2 +-
 .../src/java/org/apache/solr/servlet/HttpSolrCall.java | 2 +-
 .../org/apache/solr/security/BasicAuthIntegrationTest.java | 7 +++++++
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 95459f859fa..3c1465fc4b2 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -274,6 +274,9 @@ Bug Fixes
 * SOLR-8050: Partial update on document with multivalued date field fails to parse date and can also fail to remove dates in some cases. (Burkhard Buelte, Luc Vanlerberghe, shalin)
+
+* SOLR-8167: Authorization framework does not work with POST params (noble)
+
 Optimizations
 ----------------------
diff --git a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
index 61111b07d9a..0da1a8763e4 100644
--- a/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java
@@ -460,7 +460,7 @@ public class RuleBasedAuthorizationPlugin implements AuthorizationPlugin, Config
 " update :{" +
 " path:'/update/*'}," +
 " read :{" +
- " path:['/update/*', '/get']}," +
+ " path:['/select', '/get']}," +
 " config-edit:{" +
 " method:POST," +
 " path:'/config/*'}}");
diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
index 6dceb4bf69a..7df54d989bd 100644
--- a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
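Review bot: In RuleBasedAuthorizationPlugin.java the predefined `read` permission now lists only `/select` and `/get`, and nothing in this commit tests that mapping. As far as the hunk shows the paths are listed literally, so a search handler registered under any other name would presumably fall outside `read` and need its own rule; a comment above the literal would make that explicit, e.g. `// 'read' matches only /select and /get; other query handlers need an explicit path rule`. A test that a user without the read role is refused on `/select` would pin the corrected path. The string literal and its enclosing statement begin outside the hunk.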
+++ b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
@@ -957,7 +957,7 @@ public class HttpSolrCall {
 return new AuthorizationContext() {
 @Override
 public SolrParams getParams() {
- return getQueryParams();
+ return solrReq.getParams();
 }
 @Override
diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
index f8f0e9608f8..b4a1489cd8f 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java
@@ -164,6 +164,13 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
 fail("must have failed");
 } catch (HttpSolrClient.RemoteSolrException e) {
+ } reload.setMethod(SolrRequest.METHOD.POST);
+ try {
+ rsp = solrClient.request(reload);
+ fail("must have failed");
+ } catch (HttpSolrClient.RemoteSolrException e) {
+ }
 cloudSolrClient.request(new CollectionAdminRequest.Reload()
 .setCollectionName(defaultCollName)
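Review bot: `solrReq.getParams()` in the new `getParams()` dereferences `solrReq` with no null check, whereas the replaced `getQueryParams()` call did not depend on that field. The hunk does not show where `solrReq` is assigned; if the authorization context can be built for a request that was never parsed into a request object, a param-based rule would hit a NullPointerException instead of reaching an allow/deny decision. Consider `return solrReq == null ? null : solrReq.getParams();` and make sure the plugin treats absent params as a non-match that fails closed. The anonymous AuthorizationContext continues outside the hunk.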
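Review bot: The new POST attempt in BasicAuthIntegrationTest passes on any `RemoteSolrException` because its catch block is empty, so a server-side failure unrelated to authorization would satisfy the test just as well as a proper denial. Assert the status inside the catch, e.g. `assertEquals(EXPECTED_STATUS, e.code());` with `EXPECTED_STATUS` standing for whatever code this security setup is meant to return, and apply the same to the earlier attempt the block was copied from. The test method starts and ends outside the hunk.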