Jetty 9.4.16.v20190411 and up introduced separate
client and server SslContextFactory implementations.
This split requires the proper use of of
SslContextFactory in clients and server configs.
This fixes the following
* SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
* Http2SolrClient SSL not working in branch_8x
Signed-off-by: Kevin Risden <krisden@apache.org>
Solr tests now have a similar policy to Lucene, loopback use only. If a
test tries to resolve or connect to the internet, it will get SecurityException.
Some solr tests explicitly try to talk to dead nodes with real
networking. This is not good and asking for trouble, but use low loopback port numbers instead of
multicast addresses. The idea is that it fails faster. Move these to
constants so that stuff isn't copy-pasted everywhere, in case we have to
do something different later.
This removes the Solr security manager hacks
for Hadoop. It does so by:
* Using a fake group mapping class instead of ShellGroupMapping
* Copies a few Hadoop classes and modifies them for tests with no Shell
* Nulls out some of the static variables in the tests
The Hadoop files were copied from Apache Hadoop 3.2.0
and copied to the test package to be only picked up
during tests. They were modified to remove the need to
shell out for access. The assumption is that these
HDFS integration tests only run on Unix based systems
and therefore Windows compatibility was removed in some
of the modified classes. The long term goal is to remove
these custom Hadoop classes. All the copied classes are
in the org.apache.hadoop package.
Signed-off-by: Kevin Risden <krisden@apache.org>
This groundwork commit allows tests to randomize request content-type
more flexibly. This will be taken advantage of by subsequent commits.
Co-Authored-By: Thomas Woeckinger
Closes: #755
* Refactor existing work around in BasicAuthIntegrationTest up into SolrCloudAuthTestCase for re-use in JWTAuthPluginIntegrationTest
* Simplify BasicAuthOnSingleNodeTest and PKIAuthenticationIntegrationTest to use their existing (static) security settings on creation of MiniSolrCloud. Since they no longer modify security.json once the nodes are alive, the issue no longer affects them
* SOLR-13565: initial commit
* SOLR-13565: updated with testcase
* SOLR-13565: removed unused methods
* SOLR-13565: better logging
* SOLR-13565: disable SSL
* SOLR-13565: more tests
* SOLR-13565: syncing with master
* SOLR-13565: fixing tests
* SOLR-13565: fixing tests
* SOLR-13534: Fix test
Remove buggy 'port roulette' code that can easily fail if OS gives the selected port to a different process just before creating the server
Use jetty's built in support for listining on an OS selected port instead
Also increase timeouts to better account for slow/heavily loaded (ie:jenkins) VMs where SolrCore reloading may take longer then 10 seconds
* SOLR-13565: set proper permission name
* SOLR-13565: syncing with master
* SOLR-13565: syncing with master
* SOLR-13565: removed accidental change
* SOLR-13565: removed accidental change
* SOLR-13565: removed accidental change
* SOLR-13565: more tests
* SOLR-13565: Tests with key signing tests
* SOLR-13565: fixing concurrency issues in tests
* SOLR-13565: add tests with 512 bit RSA
* SOLR-13565: fixing concurrency issues
* SOLR-13565: remove unused code
* When ramPerThreadHardLimitMB is not specified, then Lucene's
default value 1945 is used. The specified value should be
greater than 0 and less than 2048MB
This reverts commit 6d6f14d391.
Reason for revert: after doing more testing I realized there are tests I overlooked which can (with randomized SSL usage) trigger NullPointerException
(or other related failures) in After/AfterClass due assumptions about cleanup that isn't actaully neccessary due to the AssumptionFailure
that may occur during Before/BeforeClass
This specific commit affects all points in the casebase where the argument of a StringBuilder.append() call is itself a regular String concatenation.
This defeats the purpose of using StringBuilder and also introduces an extra alloction.
These changes should avoid that.
ant tests have run, succeeded on local machine.
Removing test files from the changes.
Another suggested rework.
Kevin Risden
Robert Muir
Chris Hostetter
Ishan Chattopadhyaya
Houston Putman
Dawid Weiss
Dawid Weiss
Erick Erickson
Koen De Groote
Noble Paul
Christine Poerschke
Jason Gerlowski
noble
Tomoko Uchida
Munendra S N
Cao Manh Dat
Mikhail Khludnev