[
https://issues.apache.org/jira/browse/SOLR-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13594627#comment-13594627
]
Per Steffensen edited comment on SOLR-4470 at 3/6/13 11:39 AM:
---------------------------------------------------------------
New patch. Passes precommit if you do the following
{code}
cd <checkout-of-branch_4x-r1452629>
patch -p0 -i SOLR-4470_branch_4x_r1452629.patch
svn stat | grep "^?" | awk '{print $2}' | xargs svn add
svn propset svn:eol-style native
solr/core/src/java/org/apache/solr/security/InterSolrNodeAuthCredentialsFactory.java
svn propset svn:eol-style native
solr/core/src/java/org/apache/solr/servlet/security/RegExpAuthorizationFilter.java
svn propset svn:eol-style native
solr/core/src/test/org/apache/solr/cloud/SecurityDistributedTest.java
svn propset svn:eol-style native
solr/solrj/src/java/org/apache/solr/security/AuthCredentials.java
svn propset svn:eol-style native
solr/test-framework/src/java/org/apache/solr/cloud/InterSolrNodeAuthCredentialsFactoryTestingHelper.java
ant precommit
{code}
Only problem is that it says "Linting documentation HTML is not supported on
this Java version (1.6) / JVM (Java HotSpot(TM) 64-Bit Server VM).", but I
guess that is because I am not "is.jenkins.build", and I do not know what to do
about that on my local machine. If I comment out the stuff in target
"-documentation-lint-unsupported" in lucene/common-build.xml it passes "ant
precommit"
Besides that, the new patch contains a small modification to
RegExpAuthorizationFilter so that it works in both a "real" jetty and in a
"test" jetty (started by JettySolrRunning). Strange but
HttpServletRequest.getPathInfo() returns the correct path in "test" jetty, but
returns null in "real" jetty. And HttpServletRequest.getServletPath() returns
correct path in "real" jetty, but returns empty/null in "test" jetty - so now
we use whatever is non-null/empty.
was (Author: steff1193):
New patch. Passes precommit if you do the following
{code}
cd <checkout-of-branch_4x-r1452629>
patch -p0 -i SOLR-4470_branch_4x_r1452629.patch
svn stat | grep "^?" | awk '{print $2}' | xargs svn add
svn propset svn:eol-style native
solr/core/src/java/org/apache/solr/security/InterSolrNodeAuthCredentialsFactory.java
svn propset svn:eol-style native
solr/core/src/java/org/apache/solr/servlet/security/RegExpAuthorizationFilter.java
svn propset svn:eol-style native
solr/core/src/test/org/apache/solr/cloud/SecurityDistributedTest.java
svn propset svn:eol-style native
solr/solrj/src/java/org/apache/solr/security/AuthCredentials.java
svn propset svn:eol-style native
solr/test-framework/src/java/org/apache/solr/cloud/InterSolrNodeAuthCredentialsFactoryTestingHelper.java
ant precommit
{code}
Only problem is that it says "Linting documentation HTML is not supported on
this Java version (1.6) / JVM (Java HotSpot(TM) 64-Bit Server VM).", but I
guess that is because I am not "is.jenkins.build", and I do not know what to do
about that on my local machine. If I comment out the stuff in target
"-documentation-lint-unsupported" in lucene/common-build.xml it passes "ant
precommit"
> Support for basic http auth in internal solr requests
> -----------------------------------------------------
>
> Key: SOLR-4470
> URL: https://issues.apache.org/jira/browse/SOLR-4470
> Project: Solr
> Issue Type: Bug
> Components: clients - java, multicore, replication (java), SolrCloud
> Affects Versions: 4.0
> Reporter: Per Steffensen
> Labels: authentication, solrclient, solrcloud
> Fix For: 4.2
>
> Attachments: SOLR-4470_branch_4x_r1452629.patch,
> SOLR-4470_branch_4x_r1452629.patch
>
>
> We want to protect any HTTP-resource (url). We want to require credentials no
> matter what kind of HTTP-request you make to a Solr-node.
> It can faily easy be acheived as described on
> http://wiki.apache.org/solr/SolrSecurity. This problem is that Solr-nodes
> also make "internal" request to other Solr-nodes, and for it to work
> credentials need to be provided here also.
> Ideally we would like to "forward" credentials from a particular request to
> all the "internal" sub-requests it triggers. E.g. for search and update
> request.
> But there are also "internal" requests
> * that only indirectly/asynchronously triggered from "outside" requests (e.g.
> shard creation/deletion/etc based on calls to the "Collection API")
> * that do not in any way have relation to an "outside" "super"-request (e.g.
> replica synching stuff)
> We would like to aim at a solution where "original" credentials are
> "forwarded" when a request directly/synchronously trigger a subrequest, and
> fallback to a configured "internal credentials" for the
> asynchronous/non-rooted requests.
> In our solution we would aim at only supporting basic http auth, but we would
> like to make a "framework" around it, so that not to much refactoring is
> needed if you later want to make support for other kinds of auth (e.g. digest)
> We will work at a solution but create this JIRA issue early in order to get
> input/comments from the community as early as possible.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
