Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-4776

SolrAuditDestination should use local SSLContext instead of setting the system-wide default

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • None
    • None
    • audit, plugins
    • None

    Description

      SolrAuditDestination in Ranger Plugin connects to Solr via HTTPS. As part of the SSL setup, SolrAuditDestination overrides the system default SSLContext with Ranger's keystore/truststore.

      It has a side effect that other components in the embedding application (within the same JVM) cannot use the original Java system truststore (cacerts) by default.

      The Solr HTTP client provides an option to set the SSL context locally (that is for the Solr client only) instead of using the system-wide default and this would be the preferred way to pass the SSL context in, without affecting other components in the JVM.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. RANGER-2567 Ranger fails to connect wired Solr

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              turcsanyip Peter Turcsanyi
              turcsanyip Peter Turcsanyi
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m