Skip to content

SOLR-18270 CertAuthPlugin : update the lookup attribute (without parametrization)#4474

Open
heitzjm wants to merge 7 commits into
apache:mainfrom
heitzjm:SOLR_18270_CERT_AUTH_PLUGIN_EASY
Open

SOLR-18270 CertAuthPlugin : update the lookup attribute (without parametrization)#4474
heitzjm wants to merge 7 commits into
apache:mainfrom
heitzjm:SOLR_18270_CERT_AUTH_PLUGIN_EASY

Conversation

@heitzjm

@heitzjm heitzjm commented May 29, 2026

Copy link
Copy Markdown

https://issues.apache.org/jira/browse/SOLR-18270

Description

This PR only update the request attribute used by CertAuthPlugin to match the one filled by Jetty 12 - for SOLR 10. SOLR 9 works fine in the Official Docker Image, as it uses a lower major Jetty version.

Solution

This PR only updates the request attribute used by CertAuthPlugin to match the one filled by Jetty 12 - for SOLR 10, and provides, after revision, as advised by @laminelam, a fallback on the old attribute.

Tests

I checked locally by compiling SOLR from source, as well as building Docker Image from source and tested it in a K8S environment.

Checklist

Please review the following and check all that apply:

  • I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
  • I have created a Jira issue and added the issue ID to my pull request title.
  • I have given Solr maintainers access to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation)
  • I have developed this patch against the main branch.
  • I have run ./gradlew check.
    5582 tests completed, 1 failed, 184 skipped
    ERROR: The following test(s) have failed:
    • org.apache.solr.handler.component.AsyncTrackerSemaphoreLeakTest.testSemaphoreLeakOnLBRetry (:solr:core)
      => however, in my opinion, this test does not seem to be relevant for this PR
  • I have added tests for my changes.
  • I have added documentation for the Reference Guide
  • I have added a changelog entry for my change
    unreleased/SOLR-18270-easy-fix-without-parametrization.yml

@laminelam

Copy link
Copy Markdown
Contributor

I'd rather have jakarta as default and javax as fallback for code back-portability and compatibility.

@heitzjm

heitzjm commented Jun 1, 2026

Copy link
Copy Markdown
Author

As asked, I've just updated this PR with the fallback.
I ran the tests again :

:solr:core:test (FAILURE): 5583 test(s), 1 failure(s), 2611 skipped

5583 tests completed, 1 failed, 2611 skipped

> Task :solr:core:test FAILED
ERROR: The following test(s) have failed:
  - org.apache.solr.cloud.LeaderTragicEventTest (:solr:core)
    Test history: https://develocity.apache.org/scans/tests?search.rootProjectNames=solr-root&tests.container=org.apache.solr.cloud.LeaderTragicEventTest
    Test output: /tmp/SOLR/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.cloud.LeaderTragicEventTest.txt
    Reproduce with: ./gradlew :solr:core:test --tests "org.apache.solr.cloud.LeaderTragicEventTest" "-Ptests.jvmargs=-XX:TieredStopAtLevel=1 -XX:+UseParallelGC -XX:ActiveProcessorCount=1 -XX:ReservedCodeCacheSize=120m" -Ptests.seed=8D6096E2411286D8 -Ptests.useSecurityManager=true -Ptests.file.enc
    

I ran the failed test again, and it was successful.

Comment thread changelog/unreleased/SOLR-18270-easy-fix-without-parametrization.yml Outdated
(X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
(X509Certificate[]) request.getAttribute(CURRENT_REQUEST_ATTRIBUTE_NAME);
if (certs == null || certs.length == 0) {
certs=(X509Certificate[]) request.getAttribute(OLD_REQUEST_ATTRIBUTE_NAME);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still need to check the old name?
My understanding is this name changed with new Jetty. I don't think we will ever go back to the other name. We are good with checking only the new name in 10+.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think both should stay - in my understanding, SOLR, at its basis, is a web application that could run in other java web application servers than the Jetty provided in the Docker image - so I think it would be better to keep both names to ease integration. This way, this PR might even be merged to SOLR 9 as well.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense. Lets keep it this way.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to rename the variables to something meaningful, how about:

JAVAX_REQUEST_ATTRIBUTE_NAME
JAKARTA_REQUEST_ATTRIBUTE_NAME ?

Also, you will need to run spotless check, you're missing some white spaces

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@heitzjm these days, Solr only runs in Jetty, and we've been getting more specific to just that. Notice we no longer produce a .war file. I think the only place where you might have solr run in another container is via the EmbeddedSolr approach.. Having said that, I don't think we have made a "This is how it is" explicit decision, and I'm fine with the backcompat for now.

@psalagnac

Copy link
Copy Markdown
Contributor

If nothing else comes to the PR, I'll merge it early next week.

@psalagnac psalagnac added this to the 10.x milestone Jul 15, 2026
(X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
(X509Certificate[]) request.getAttribute(CURRENT_REQUEST_ATTRIBUTE_NAME);
if (certs == null || certs.length == 0) {
certs=(X509Certificate[]) request.getAttribute(OLD_REQUEST_ATTRIBUTE_NAME);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to rename the variables to something meaningful, how about:

JAVAX_REQUEST_ATTRIBUTE_NAME
JAKARTA_REQUEST_ATTRIBUTE_NAME ?

Also, you will need to run spotless check, you're missing some white spaces

@heitzjm

heitzjm commented Jul 15, 2026

Copy link
Copy Markdown
Author

Thanks @laminelam and @psalagnac . I have just updated the code. I hope it is fine now.

@psalagnac

Copy link
Copy Markdown
Contributor

@heitzjm Formatting is still broken. Please make sure to run ./gradlew precommit before pushing (spotless formatting can be applied with ./gradlew tidy).

@heitzjm

heitzjm commented Jul 16, 2026

Copy link
Copy Markdown
Author

Thanks @psalagnac for the gradlew commands, I have just run them.

@epugh

epugh commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

I just triggered the builds...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants