Description
The RangerSolrAuthorizer controls access via a boolean "isDenied" which defaults to false. However, there is a try statement which just logs an error. This is a potential security risk, as a malformed request could cause (e.g.) a NPE which will result in 200 being returned.
Attachments
Attachments
Issue Links
- breaks
-
RANGER-1446 Ranger Solr Plugin does not work when the collection list in the request is empty
- Resolved
- is related to
-
RANGER-1171 Invert authorization logic in RangerKafkaAuthorizer
- Resolved