Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13726

Krb5HttpClientBuilder avoid setting javax.security.auth.useSubjectCredsOnly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security, SolrJ
    • None

    Description

      Solr should avoid setting system properties that affect the entire JVM. Specifically "javax.security.auth.useSubjectCredsOnly" is one that can cause a bunch of issues if SolrJ is colocated with other Kerberos secured services.

      Krb5HttpClientBuilder changes the JVM default to false if it is not set. It is defaulting to true. This affects everything in the JVM. Since SolrJ is meant to be client side, we should avoid doing this.

      https://github.com/apache/solr/blob/main/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L154

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              krisden Kevin Risden
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: