Erick Erickson commented on SOLR-12161:

Thanks! I thought I'd see this with a stand-alone program, but just checked and 
that turned out to be wrong so it looks like a test-only issue. Whew!

> CloudSolrClient with basic auth enabled will update even if no credentials 
> supplied
> -----------------------------------------------------------------------------------
>                 Key: SOLR-12161
>                 URL: https://issues.apache.org/jira/browse/SOLR-12161
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 7.3
>            Reporter: Erick Erickson
>            Assignee: Noble Paul
>            Priority: Major
>         Attachments: AuthUpdateTest.java, SOLR-12161.patch, tests.patch
> This is an offshoot of SOLR-9399. When I was writing a test, if I create a 
> cluster with basic authentication set up, I can _still_ add documents to a 
> collection even without credentials being set in the request.
> However, simple queries, commits etc. all fail without credentials set in the 
> request.
> I'll attach a test class that illustrates the problem.
> If I use a new HttpSolrClient instead of a CloudSolrClient, then the update 
> request fails as expected.
> [~noblepaul] do you have any insight here? Possibly something with splitting 
> up the update request to go to each individual shard?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to