[SOLR-12354] org.apache.solr.security.PKIAuthenticationPlugin does not check response code when retrieving remotePublicKey - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.6.2, 6.6.3
Fix Version/s: 7.4, 8.0
Component/s: Authentication
Labels:
None

Description

in decipherHeader(), if keyCache does not contain the key of interest, then a remote call is made to retrieve the key from the remote host, by calling getRemotePublicKey, which fails if the server returns an html error page.

e.g.:

org.noggit.JSONParser$ParseException: JSON Parse Error: char=<,position=0 BEFORE='<' AFTER='html> <head> <meta http-equiv="Content-' at org.noggit.JSONParser.err(JSONParser.java:356) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:712) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.next(JSONParser.java:886) ~[noggit-0.6.jar:?] at org.noggit.JSONParser.nextEvent(JSONParser.java:930) ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:44) ~[noggit-0.6.jar:?] at org.noggit.ObjectBuilder.getVal(ObjectBuilder.java:37) ~[noggit-0.6.jar:?]

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-12354.patch
01/Jun/18 12:00
18 kB
Noble Paul

Activity

People

Assignee:: Noble Paul

Reporter:: hamada

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/May/18 23:08

Updated:: 08/Jun/19 15:15

Resolved:: 05/Jun/18 02:10