lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SOLR-9640) Support PKI authentication in standalone mode
Date Thu, 13 Oct 2016 14:40:20 GMT

     [ https://issues.apache.org/jira/browse/SOLR-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Høydahl updated SOLR-9640:
------------------------------
    Attachment: SOLR-9640.patch

Attaching patch which works with  my limited testing

* Fix bug in SolrDispatchFilter - path {{/admin/info/key}} should always be open. It required
authentication since we were comparing with {{getPathInfo}} instead of {{getServletPath}}
* Always register PKIAuthenticationPlugin in CoreContainer
* In {{PKIAuthenticationPlugin.getRemotePublicKey()}} generate URL for node based on {{nodeName}}
when not running ZK mode

Local testing with manual sharding between two standalone nodes works, the PKI kicks in. Have
not tested with /replication etc.

h3. Todo:
* Write a unit test
* Generating nodeName from {{host}} and {{port}} properties of CloudConfig, which seems a
bit odd when not running cloud. Could we move these three lines outside the {{<solrcloud>}}
tag in {{solr.xml}}?
{code:xml}
    <str name="host">${host:}</str>
    <int name="hostPort">${jetty.port:8983}</int>
    <str name="hostContext">${hostContext:solr}</str>
{code}
* Generating urlScheme based on whether an ssl property is set, since we do not have access
to clusterProps. Is this the best way?
{code}
urlScheme = System.getProperty("solr.jetty.keystore") == null ? "http" : "https";
{code}

> Support PKI authentication in standalone mode
> ---------------------------------------------
>
>                 Key: SOLR-9640
>                 URL: https://issues.apache.org/jira/browse/SOLR-9640
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>         Attachments: SOLR-9640.patch
>
>
> While working with SOLR-9481 I managed to secure Solr standalone on a single-node server.
However, when adding {{&shards=localhost:8081/solr/foo,localhost:8082/solr/foo}} to the
request, I get 401 error.
> To solve it we either need to add support for inter-node stuff in all the plugins, but
it would be sweet if the PKI stuff would work also for standalone.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message