[
https://issues.apache.org/jira/browse/SOLR-9399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15416319#comment-15416319
]
ASF GitHub Bot commented on SOLR-9399:
--------------------------------------
GitHub user susheelks opened a pull request:
https://github.com/apache/lucene-solr/pull/69
SOLR-9399: Delete requests do not send credentials & fails for Basic
Authentication
This is a bug fix to set Authentication credential in case of delete
requests.
There is a duplicate code between update & delete requests which most
likely has caused this issue and left to set credentials in case of delete
requests. I'll create a separate jira to refactor the code and also tests for
authentication seems to be broken.
The test class BasicAuthIntegrationTest doesn't have any test methods
except the protected method doExtraTests which doesn't seems to be called from
anywhere and delete tests needs to be added.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/susheelks/lucene-solr SOLR-9399
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/lucene-solr/pull/69.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #69
----
commit 7c68a42728531775240c7b6ff2bad5a23dfdb255
Author: Kumar, Susheel (CORP) <[email protected]>
Date: 2016-08-11T00:57:49Z
Added call to setBasicAuthCredentials for delete request
----
> Delete requests do not send credentials & fails for Basic Authentication
> ------------------------------------------------------------------------
>
> Key: SOLR-9399
> URL: https://issues.apache.org/jira/browse/SOLR-9399
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrJ
> Affects Versions: 6.0, 6.0.1, 6.x
> Reporter: Susheel Kumar
> Labels: security
>
> The getRoutes(..) func of UpdateRequest do not pass credentials to
> LBHttpSolrClient when deleteById is set while for updates it passes the
> credentials. See below code snippet
> if (deleteById != null) {
>
> Iterator<Map.Entry<String,Map<String,Object>>> entries =
> deleteById.entrySet()
> .iterator();
> while (entries.hasNext()) {
>
> Map.Entry<String,Map<String,Object>> entry = entries.next();
>
> String deleteId = entry.getKey();
> Map<String,Object> map = entry.getValue();
> Long version = null;
> if (map != null) {
> version = (Long) map.get(VER);
> }
> Slice slice = router.getTargetSlice(deleteId, null, null, null, col);
> if (slice == null) {
> return null;
> }
> List<String> urls = urlMap.get(slice.getName());
> if (urls == null) {
> return null;
> }
> String leaderUrl = urls.get(0);
> LBHttpSolrClient.Req request = routes.get(leaderUrl);
> if (request != null) {
> UpdateRequest urequest = (UpdateRequest) request.getRequest();
> urequest.deleteById(deleteId, version);
> } else {
> UpdateRequest urequest = new UpdateRequest();
> urequest.setParams(params);
> urequest.deleteById(deleteId, version);
> urequest.setCommitWithin(getCommitWithin());
> request = new LBHttpSolrClient.Req(urequest, urls);
> routes.put(leaderUrl, request);
> }
> }
> }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
