Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13726

Krb5HttpClientBuilder avoid setting javax.security.auth.useSubjectCredsOnly

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security, SolrJ
    • Labels:
      None

      Description

      Solr should avoid setting system properties that affect the entire JVM. Specifically "javax.security.auth.useSubjectCredsOnly" is one that can cause a bunch of issues if SolrJ is colocated with other Kerberos secured services.

      Krb5HttpClientBuilder changes the JVM default to false if it is not set. It is defaulting to true. This affects everything in the JVM. Since SolrJ is meant to be client side, we should avoid doing this.

      https://github.com/apache/lucene-solr/blame/master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L144

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                krisden Kevin Risden
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: