[
https://issues.apache.org/jira/browse/SOLR-15073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17261501#comment-17261501
]
Christine Poerschke commented on SOLR-15073:
--------------------------------------------
Hello [~nyivan]. Is
[https://github.com/apache/lucene-solr/blob/releases/lucene-solr/8.7.0/solr/core/src/java/org/apache/solr/handler/admin/SystemInfoHandler.java#L344-L348]
the code area you are referring to? If it is then observationally
{code:java}
- if (auth != null) {
+ if (auth instanceof RuleBasedAuthorizationPluginBase) {
RuleBasedAuthorizationPluginBase rbap =
(RuleBasedAuthorizationPluginBase) auth;
Set<String> roles = rbap.getUserRoles(req.getUserPrincipal());
info.add("roles", roles);
}
{code}
might provide a solution. Possibly with an else branch to set {{roles}} to null
or empty set, if (say) the security info in the Solr Admin UI added in
SOLR-14237 needs it. What do you think?
> Unsafe cast in SystemInfoHandler
> --------------------------------
>
> Key: SOLR-15073
> URL: https://issues.apache.org/jira/browse/SOLR-15073
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Nikolay Ivanov
> Priority: Major
>
> I have observed an unsafe cast inĀ
> SystemInfoHandler::getSecurityInfo
> Is this by design? Currently I have a custom AuthorizationPlugin that
> directly implements AuthorizationPlugin interface. With the latest solr
> version it is not permitted anymore. A workaround is to extend the
> RuleBasedAuthorizationPluginBase, which is not ideal imo. Please share your
> thoughts
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
