This is an automated email from the ASF dual-hosted git repository.
gerlowskija pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new ddb312d7c7d Revert "SOLR-16720: Defer PKI header creation to send-time
(#1495)"
ddb312d7c7d is described below
commit ddb312d7c7d5814131b1f7d17da8fe8c30b38883
Author: Jason Gerlowski <[email protected]>
AuthorDate: Fri Apr 7 09:48:14 2023 -0400
Revert "SOLR-16720: Defer PKI header creation to send-time (#1495)"
This reverts commit 8b8f9f6726296749551a6edfffe7aa2ccae7dc0e.
---
solr/CHANGES.txt | 3 --
.../solr/security/PKIAuthenticationPlugin.java | 41 +++++-----------------
2 files changed, 9 insertions(+), 35 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 1d6b5b39c2e..d28e2fc3b70 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -104,9 +104,6 @@ Bug Fixes
* SOLR-16730: Fix NPE in SystemInfoHandler for inter-node requests that would
cause the Nodes page not to load.
SystemInfoHandler no longer populates the username, roles and permissions in
inter-node requests. (Tomás Fernández Löbbe)
-* SOLR-16720: PKI headers are now populated closer to when inter-node requests
are actually sent,
- making TTL expiry less likely. (Jason Gerlowski, Alex Deparvu)
-
* SOLR-16728: Fix Classloading Exception for inter-node requests when using
SSL and HTTP2.
All Jetty classes are able to be shared between the Jetty server and webApp
now. (Houston Putman)
diff --git
a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
index 82a77934dcc..6a005559f9b 100644
--- a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
@@ -368,20 +368,9 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
public void setup(Http2SolrClient client) {
final HttpListenerFactory.RequestResponseListener listener =
new HttpListenerFactory.RequestResponseListener() {
- private static final String CACHED_REQUEST_USER_KEY =
"cachedRequestUser";
-
@Override
public void onQueued(Request request) {
- // The onBegin hook below (potentially) runs in a separate Jetty
thread than was
- // used to submit the request. While we're still in the
submitting thread, fetch
- // the user information from the SolrRequestInfo thread local and
cache it on the
- // Request so it can be accessed accurately in onBegin
- cachePreFetchedUserOnJettyRequest(request);
- }
-
- @Override
- public void onBegin(Request request) {
- log.trace("onBegin: {}", request);
+ log.trace("onQueued: {}", request);
if (cores.getAuthenticationPlugin() == null) {
log.trace("no authentication plugin, skipping");
return;
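Review bot: With the header built in `onQueued` again, the token is stamped when the request is queued rather than when it is sent, so any time spent waiting in the client queue counts against the receiver's TTL check; the removed CHANGES entry names exactly this expiry as what the reverted change made less likely. The removed comment also records that the user comes from the SolrRequestInfo thread local on the submitting thread, which `generateToken()` and `generateTokenV2()` in the later hunks now depend on implicitly through `getUser()`. Neither constraint is written down in the new code, and the commit message gives no reason for the revert. I would add a comment above the trace line, such as `// Token is built on the submitting thread because getUser() reads the SolrRequestInfo thread local; its timestamp is queue time, not send time.` The body of onQueued continues past this hunk.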
@@ -390,12 +379,10 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
if (log.isDebugEnabled()) {
log.debug("{} secures this internode request",
this.getClass().getSimpleName());
}
-
- final Optional<String> preFetchedUser =
getUserFromJettyRequest(request);
if ("v1".equals(System.getProperty(SEND_VERSION))) {
- generateToken(preFetchedUser).ifPresent(s ->
request.header(HEADER, s));
+ generateToken().ifPresent(s -> request.header(HEADER, s));
} else {
- generateTokenV2(preFetchedUser).ifPresent(s ->
request.header(HEADER_V2, s));
+ generateTokenV2().ifPresent(s -> request.header(HEADER_V2, s));
}
} else {
if (log.isDebugEnabled()) {
@@ -405,15 +392,6 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
}
}
}
-
- private void cachePreFetchedUserOnJettyRequest(Request request) {
- request.attribute(CACHED_REQUEST_USER_KEY, getUser());
- }
-
- private Optional<String> getUserFromJettyRequest(Request request) {
- return Optional.ofNullable(
- (String) request.getAttributes().get(CACHED_REQUEST_USER_KEY));
- }
};
client.addListenerFactory(() -> listener);
}
@@ -480,8 +458,8 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
}
@SuppressForbidden(reason = "Needs currentTimeMillis to set current time in
header")
- private Optional<String> generateToken(Optional<String> preFetchedUser) {
- String usr = preFetchedUser.orElse(getUser());
+ private Optional<String> generateToken() {
+ String usr = getUser();
if (usr == null) {
return Optional.empty();
}
@@ -494,9 +472,8 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
return Optional.of(myNodeName + " " + base64Cipher);
}
- private Optional<String> generateTokenV2(Optional<String> preFetchedUser) {
-
- String user = preFetchedUser.orElse(getUser());
+ private Optional<String> generateTokenV2() {
+ String user = getUser();
if (user == null) {
return Optional.empty();
}
@@ -511,9 +488,9 @@ public class PKIAuthenticationPlugin extends
AuthenticationPlugin
void setHeader(HttpRequest httpRequest) {
if ("v1".equals(System.getProperty(SEND_VERSION))) {
- generateToken(Optional.empty()).ifPresent(s ->
httpRequest.setHeader(HEADER, s));
+ generateToken().ifPresent(s -> httpRequest.setHeader(HEADER, s));
} else {
- generateTokenV2(Optional.empty()).ifPresent(s ->
httpRequest.setHeader(HEADER_V2, s));
+ generateTokenV2().ifPresent(s -> httpRequest.setHeader(HEADER_V2, s));
}
}
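Review bot: The v1/v2 selection in `setHeader` is a copy of the branch inside the Http2SolrClient listener in `setup()`, and both re-read the `SEND_VERSION` system property on every request. Two independent copies of the choice of token format can drift, leaving one client path emitting a different token version than the other after a later edit. A single private helper that takes the header setter would keep the two send paths identical; the listener would call it with `request::header`. The sketch below shows the helper and the rewritten `setHeader` only.

```java
private void applyPkiHeader(BiConsumer<String, String> headerSetter) {
  if ("v1".equals(System.getProperty(SEND_VERSION))) {
    generateToken().ifPresent(s -> headerSetter.accept(HEADER, s));
  } else {
    generateTokenV2().ifPresent(s -> headerSetter.accept(HEADER_V2, s));
  }
}

void setHeader(HttpRequest httpRequest) {
  applyPkiHeader(httpRequest::setHeader);
}
// … unchanged: listener in setup(), which would call applyPkiHeader(request::header) …
```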