Solr
  1. Solr
  2. SOLR-8053

support basic auth in SolrJ

        Details

        • Type: Improvement Improvement
        • Status: Closed
        • Priority: Minor Minor
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: 5.4, 6.0
        • Component/s: None
        • Labels:
          None

          Issue Links

          duplicates

          New Feature - A new feature of the product, which has yet to be developed. SOLR-7839 SolrJ support for BasicAuth

          • Major - Major loss of function.
          • Closed
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-8213 SolrJ JDBC support basic authentication

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-8048 bin/solr script should accept user name and password for basicauth

          • Major - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-6341 Preemtive Basic Auth not possible with SolrJ 4.8

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-8056 Add a Solrj client constructor to accept custom SolrParams

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            ASF subversion and git services added a comment -

            Commit 1703145 from Noble Paul in branch 'dev/trunk'
            [ https://svn.apache.org/r1703145 ]

            SOLR-8053: Basic auth support in SolrJ

            Show
            ASF subversion and git services added a comment - Commit 1703145 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1703145 ] SOLR-8053 : Basic auth support in SolrJ
            Hide
            Permalink
            ASF subversion and git services added a comment -

            Commit 1703173 from Noble Paul in branch 'dev/branches/branch_5x'
            [ https://svn.apache.org/r1703173 ]

            SOLR-8053: Basic auth support in SolrJ

            Show
            ASF subversion and git services added a comment - Commit 1703173 from Noble Paul in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1703173 ] SOLR-8053 : Basic auth support in SolrJ
            Hide
            Permalink
            Yonik Seeley added a comment -

            I don't know that much about security, but could you explain a little about how this works in with the existing basic auth stuff in HttpClientUtil:

              // Basic auth username 
  public static final String PROP_BASIC_AUTH_USER = "httpBasicAuthUser";
  // Basic auth password 
  public static final String PROP_BASIC_AUTH_PASS = "httpBasicAuthPassword";

            What the issues were with the existing basic auth stuff and how this patch changes that?

            Show
            Yonik Seeley added a comment - I don't know that much about security, but could you explain a little about how this works in with the existing basic auth stuff in HttpClientUtil: // Basic auth username public static final String PROP_BASIC_AUTH_USER = "httpBasicAuthUser" ; // Basic auth password public static final String PROP_BASIC_AUTH_PASS = "httpBasicAuthPassword" ; What the issues were with the existing basic auth stuff and how this patch changes that?
            Hide
            Permalink
            Noble Paul added a comment -

            but could you explain a little about how this works in with the existing basic auth stuff in HttpClientUtil

            This was a hack introduced to add the basic auth headers when Solr makes inter-node requests. After 5.3 we have native support for inter-node authentication. This lets you to have only one user/pwd combination in the entire cluster which meant all requests were performed as same user

            IMHO we should deprecate this.

            This ticket makes the user/pwd configurable of a per request basis.

            SolrRequest req ;//create  anew request object
req.setBasicAuthCredentials(userName,  password);
solrClient.request(req);
            Show
            Noble Paul added a comment - but could you explain a little about how this works in with the existing basic auth stuff in HttpClientUtil This was a hack introduced to add the basic auth headers when Solr makes inter-node requests. After 5.3 we have native support for inter-node authentication. This lets you to have only one user/pwd combination in the entire cluster which meant all requests were performed as same user IMHO we should deprecate this. This ticket makes the user/pwd configurable of a per request basis. SolrRequest req ; //create anew request object req.setBasicAuthCredentials(userName, password); solrClient.request(req);
            Hide
            Permalink
            Hrishikesh Gadre added a comment -

            I just filed SOLR-8056 to provide similar support at the SolrClient level as well.

            Show
            Hrishikesh Gadre added a comment - I just filed SOLR-8056 to provide similar support at the SolrClient level as well.

              People

              • Assignee:
                Noble Paul
                Reporter:
                Noble Paul
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Development