Details
-
New Feature
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
This feature is related to SOLR-6625. I have a kerberos filter defined in solr's web.xml and need to authenticate. As mentioned in SOLR-6625, we are required to send a repeatable request in order to trigger SPNego negotiation prior to sending a non-repeatable (PUT or POST) request. The standard way to do this seems to be to send an OPTIONS call, see for example, hadoop's KerberosAuthenticator (https://github.com/apache/hadoop/blob/eace218411a7733abb8dfca6aaa4eb0557e25e0c/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java#L185-L186). This is arbitrary, i.e. we could trigger the negotiation based on some path rather then the request method, but it seems better to just use what other projects use here rather than make up our own solution.