[ https://issues.apache.org/jira/browse/SOLR-12354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16498262#comment-16498262 ]
Varun Thacker commented on SOLR-12354: -------------------------------------- Hi Noble, In SolrDispatchFilter we create a CoreContainer object and then call the load method {code:java} protected CoreContainer createCoreContainer(Path solrHome, Properties extraProperties) { NodeConfig nodeConfig = loadNodeConfig(solrHome, extraProperties); final CoreContainer coreContainer = new CoreContainer(nodeConfig, extraProperties, true); coreContainer.load(); return coreContainer; }{code} In CoreContainer#load we create the ZooKeeper container object and register this node as a live node under /live_nodes So by moving the public key initialization from CoreContrainer#load to the constructor we ensure that the handler is available before a node is registered as a live node There will always be a race between when the solr port get's initialized and the CoreContainer object get's created. We expect all clients to only issue a request to a node if it's registered under /live_nodes Is my understanding of the issue correct here? If it is then can we simply move the handler initialization before this statement in CoreContainer#load . It should have the same effect right? {code:java} zkSys.initZooKeeper(this, solrHome, cfg.getCloudConfig());{code} On a side note CoreContainer has unused imports which would break precommit > org.apache.solr.security.PKIAuthenticationPlugin does not check response code > when retrieving remotePublicKey > ------------------------------------------------------------------------------------------------------------- > > Key: SOLR-12354 > URL: https://issues.apache.org/jira/browse/SOLR-12354 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication > Affects Versions: 6.6.2, 6.6.3 > Reporter: hamada > Assignee: Noble Paul > Priority: Major > Attachments: SOLR-12354.patch > > > in decipherHeader(), if keyCache does not contain the key of interest, then a > remote call is made to retrieve the key from the remote host, by calling > getRemotePublicKey, which fails if the server returns an html error page. > e.g.: > org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 > BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at > org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at > org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) > ~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886) > ~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930) > ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) > ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) > ~[noggit-0.6.jar:?] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org