[jira] [Updated] (SOLR-9640) Support PKI authentication in standalone mode

Thu, 13 Oct 2016 07:41:05 -0700 

     [ 
https://issues.apache.org/jira/browse/SOLR-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl updated SOLR-9640:
------------------------------
    Attachment: SOLR-9640.patch

Attaching patch which works with  my limited testing

* Fix bug in SolrDispatchFilter - path {{/admin/info/key}} should always be 
open. It required authentication since we were comparing with {{getPathInfo}} 
instead of {{getServletPath}}
* Always register PKIAuthenticationPlugin in CoreContainer
* In {{PKIAuthenticationPlugin.getRemotePublicKey()}} generate URL for node 
based on {{nodeName}} when not running ZK mode

Local testing with manual sharding between two standalone nodes works, the PKI 
kicks in. Have not tested with /replication etc.

h3. Todo:
* Write a unit test
* Generating nodeName from {{host}} and {{port}} properties of CloudConfig, 
which seems a bit odd when not running cloud. Could we move these three lines 
outside the {{<solrcloud>}} tag in {{solr.xml}}?
{code:xml}
    <str name="host">${host:}</str>
    <int name="hostPort">${jetty.port:8983}</int>
    <str name="hostContext">${hostContext:solr}</str>
{code}
* Generating urlScheme based on whether an ssl property is set, since we do not 
have access to clusterProps. Is this the best way?
{code}
urlScheme = System.getProperty("solr.jetty.keystore") == null ? "http" : 
"https";
{code}

> Support PKI authentication in standalone mode
> ---------------------------------------------
>
>                 Key: SOLR-9640
>                 URL: https://issues.apache.org/jira/browse/SOLR-9640
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>         Attachments: SOLR-9640.patch
>
>
> While working with SOLR-9481 I managed to secure Solr standalone on a 
> single-node server. However, when adding 
> {{&shards=localhost:8081/solr/foo,localhost:8082/solr/foo}} to the request, I 
> get 401 error.
> To solve it we either need to add support for inter-node stuff in all the 
> plugins, but it would be sweet if the PKI stuff would work also for 
> standalone.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to