SOLR-9188: blockUnknown property makes inter-node communication impossible

solr/CHANGES.txt

@@ -51,6 +51,8 @@ Bug Fixes
   to be consistent with other places in Solr. Language names still work for backwards
   compatibility. (Uwe Schindler, Boris Steiner)
 
+* SOLR-9188: blockUnknown property makes inter-node communication impossible (noble)
+
 Optimizations
 ----------------------
 

solr/core/src/java/org/apache/solr/security/BasicAuthPlugin.java

@@ -71,6 +71,7 @@ public class BasicAuthPlugin extends AuthenticationPlugin implements ConfigEdita
         for (Map.Entry<String, Object> e : command.getDataMap().entrySet()) {
           if (PROPS.contains(e.getKey())) {
             latestConf.put(e.getKey(), e.getValue());
+            return latestConf;
           } else {
             command.addError("Unknown property " + e.getKey());
           }

solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java

@@ -302,6 +302,7 @@ public class SolrDispatchFilter extends BaseSolrFilter {
     if (authenticationPlugin == null) {
       return true;
     } else {
+      if( PKIAuthenticationPlugin.PATH.equals(((HttpServletRequest) request).getPathInfo()) ) return true;
       //special case when solr is securing inter-node requests
       String header = ((HttpServletRequest) request).getHeader(PKIAuthenticationPlugin.HEADER);
       if (header != null && cores.getPkiAuthenticationPlugin() != null)

solr/core/src/test/org/apache/solr/security/BasicAuthIntegrationTest.java

@@ -194,7 +194,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
       cloudSolrClient.request(update);
 
 
-      executeCommand(baseUrl + authzPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
+      executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: true}}", "harry", "HarryIsUberCool");
       String[] toolArgs = new String[]{
           "status", "-solr", baseUrl};
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -212,7 +212,7 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
         log.error("RunExampleTool failed due to: " + e +
             "; stdout from tool prior to failure: " + baos.toString(StandardCharsets.UTF_8.name()));
       }
-      executeCommand(baseUrl + authzPrefix, cl, "{set-property : { blockUnknown: false}}", "harry", "HarryIsUberCool");
+      executeCommand(baseUrl + authcPrefix, cl, "{set-property : { blockUnknown: false}}", "harry", "HarryIsUberCool");
     } finally {
       if (cl != null) {
         HttpClientUtil.close(cl);
@@ -232,12 +232,21 @@ public class BasicAuthIntegrationTest extends TestMiniSolrCloudClusterBase {
     Utils.consumeFully(r.getEntity());
   }
 
-  public static void verifySecurityStatus(HttpClient cl, String url, String objPath, Object expected, int count) throws Exception {
+  public static void verifySecurityStatus(HttpClient cl, String url, String objPath,
+                                          Object expected, int count) throws Exception {
+    verifySecurityStatus(cl, url, objPath, expected, count, null, null);
+  }
+
+
+  public static void verifySecurityStatus(HttpClient cl, String url, String objPath,
+                                          Object expected, int count, String user, String pwd)
+      throws Exception {
     boolean success = false;
     String s = null;
     List<String> hierarchy = StrUtils.splitSmart(objPath, '/');
     for (int i = 0; i < count; i++) {
       HttpGet get = new HttpGet(url);
+      if (user != null) setBasicAuthHeader(get, user, pwd);
       HttpResponse rsp = cl.execute(get);
       s = EntityUtils.toString(rsp.getEntity());
       Map m = (Map) Utils.fromJSONString(s);