Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOLR-16240: Fix kerberosPlugin module classloading #1546

Merged
merged 5 commits into from Apr 10, 2023
Merged

SOLR-16240: Fix kerberosPlugin module classloading #1546

merged 5 commits into from Apr 10, 2023

Conversation

HoustonPutman
Copy link
Contributor

https://issues.apache.org/jira/browse/SOLR-16240

The easy way out vs waiting on a hadoop fix and a hadoop release.

janhoy
janhoy approved these changes Apr 5, 2023
View reviewed changes
Copy link
Contributor

@janhoy janhoy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Surprisingly simple workaround. Need to add exception to ForbiddenAPIs, and perhaps a code comment with JIRA link as a reminder to remove the workaround some day.

@HoustonPutman
Copy link
Contributor Author

Yeah will get that stuff cleaned up. Not sure we will want to remove this workaround, it does let us use non-request centric plugins without worrying if those plugins use the thread classloader or not. (This is similar workaround we do for the sql module, which has libraries that will never accept a cloassloader probably...)

I don't want to move merge this without an integration test, but I'm not sure how to get that working for kerberos... Might play around with that later if no one else has ideas.

@HoustonPutman
Copy link
Contributor Author

@janhoy added an integration test, which seems to work as expected, and fails when I remove the line that fixes this PR. Let me know if it looks good to you.

@janhoy
Copy link
Contributor

janhoy commented Apr 10, 2023

LGTM

@HoustonPutman HoustonPutman merged commit d9eba43 into apache:main Apr 10, 2023
4 of 5 checks passed
@HoustonPutman HoustonPutman deleted the module-classloader-security branch April 10, 2023 17:06
HoustonPutman added a commit that referenced this pull request Apr 10, 2023
@HoustonPutman
SOLR-16240: Fix kerberosPlugin module classloading (#1546)
631b42f 
Also added an integration test for the hadoop-auth module.

(cherry picked from commit d9eba43)
HoustonPutman added a commit that referenced this pull request Apr 10, 2023
@HoustonPutman
SOLR-16240: Fix kerberosPlugin module classloading (#1546)
57685b9 
Also added an integration test for the hadoop-auth module.

(cherry picked from commit d9eba43)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@janhoy janhoy janhoy approved these changes

@risdenk risdenk risdenk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@HoustonPutman @janhoy @risdenk