bct-timo-crabbe opened a new pull request, #3397: URL: https://github.com/apache/solr/pull/3397
https://issues.apache.org/jira/browse/SOLR-17789

# Description

Solr nodes do not pass full authorization details to other nodes.

Steps to reproduce:

1. Deploy a cluster with more than one node.
2. Use an authentication plugin where roles are supplied externally (like JWTAuth).
3. Add a private collection with a lower number of replicas than the number of nodes in the cluster.
4. Send a request to a node that does not hold a replica of the collection to force forwarding.

This results in a return code 403.

# Solution

Add the current user's Security Principal on the HttpClientContext in the sendRemoteQuery method (`solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java`) like the executeMethod method on the HttpSolrClient (`solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpSolrClient.java`).

# Tests

testInternodeAuthorization on the jwt-auth plugin (`solr\modules\jwt-auth\src\test\org\apache\solr\security\jwt\JWTAuthPluginIntegrationTest.java`). This test will set up a test cluster with three nodes, create a private collection with only two replicas, and query every node for the documents in the collection.

# Checklist

Please review the following and check all that apply:

- [x] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability.
- [x] I have created a Jira issue and added the issue ID to my pull request title.
- [x] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation)
- [ ] I have developed this patch against the `main` branch.
- [x] I have developed this patch against the `branch_9x` branch.
- [x] I have run `./gradlew check`.
  - Failed on benchmarking tests
- [x] I have added tests for my changes.
- [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide)
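The following is an added example, not code from the pull request or from Solr. It illustrates the mechanism named in the Solution section using only the Apache HttpClient 4 API: a per-request `HttpClientContext` either carries the caller's principal as its user token or does not, and an outbound interceptor can only forward credentials in the first case. `TokenPrincipal`, `FORWARD_AUTH`, the collection path and the token value are hypothetical names and constructed values, and the interceptor is a stand-in for whatever an authentication plugin does on internode requests.

```java
import java.security.Principal;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.message.BasicHttpRequest;

public class ForwardedPrincipalDemo {
  // Hypothetical principal type that keeps the caller's bearer token (demo only).
  static final class TokenPrincipal implements Principal {
    final String name;
    final String token;
    TokenPrincipal(String name, String token) { this.name = name; this.token = token; }
    @Override public String getName() { return name; }
  }

  // Hypothetical outbound interceptor: it can attach the caller's credentials to the
  // forwarded request only if the request context carries the caller's principal.
  static final HttpRequestInterceptor FORWARD_AUTH = (request, context) -> {
    Object user = HttpClientContext.adapt(context).getUserToken();
    if (user instanceof TokenPrincipal) {
      request.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + ((TokenPrincipal) user).token);
    }
  };

  // Builds a forwarded request the way a proxying node would, optionally placing the
  // caller's principal on the context, and reports whether credentials were attached.
  static boolean forwardedWithAuth(Principal caller) throws Exception {
    HttpRequest forwarded = new BasicHttpRequest("GET", "/solr/private/select?q=*:*");
    HttpClientContext ctx = HttpClientContext.create();
    if (caller != null) {
      ctx.setUserToken(caller); // the step the pull request describes adding
    }
    FORWARD_AUTH.process(forwarded, ctx);
    return forwarded.containsHeader(HttpHeaders.AUTHORIZATION);
  }

  public static void main(String[] args) throws Exception {
    Principal caller = new TokenPrincipal("alice", "constructed.jwt.value");
    // Without the principal the receiving node sees no user identity or roles.
    System.out.println("context without principal -> auth forwarded: " + forwardedWithAuth(null));
    System.out.println("context with principal    -> auth forwarded: " + forwardedWithAuth(caller));
  }
}
```

Compile and run with `httpclient` and `httpcore` 4.x on the classpath; no network access is needed because the interceptor is invoked directly.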
