[
https://issues.apache.org/jira/browse/SOLR-16720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17709685#comment-17709685
]
ASF subversion and git services commented on SOLR-16720:
--------------------------------------------------------
Commit ddb312d7c7d5814131b1f7d17da8fe8c30b38883 in solr's branch
refs/heads/main from Jason Gerlowski
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=ddb312d7c7d ]
Revert "SOLR-16720: Defer PKI header creation to send-time (#1495)"
This reverts commit 8b8f9f6726296749551a6edfffe7aa2ccae7dc0e.
> PKI should decorate outgoing requests at "sending", not "enqueueing" time
> -------------------------------------------------------------------------
>
> Key: SOLR-16720
> URL: https://issues.apache.org/jira/browse/SOLR-16720
> Project: Solr
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: 9.2
> Reporter: Jason Gerlowski
> Priority: Minor
> Attachments: SOLR-16720-reproduce.patch, Screen Shot 2023-04-07 at
> 9.16.30 AM.png, reproduce.sh
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently, PKIAuthenticationPlugin decorates intra-node requests using an
> 'onQueue' lifecycle hook, which is triggered when the request is enqueued for
> processing by the (asynchronous) Jetty http client.
> This works great on many systems. However on heavily loaded clusters the
> time between Jetty "queueing" the request and it actually being sent out can
> be non-negligible. If this gap becomes wide enough, the TTL encoded into the
> PKI auth header might have substantially or fully expired by the time the
> receiving node gets the request.
> We should experiment with moving PKI header decoration to the 'onBegin' hook
> instead, which fires much closer to the actual request-send time on heavily
> loaded servers.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
