janhoy commented on a change in pull request #2430:
URL: https://github.com/apache/lucene-solr/pull/2430#discussion_r583296977



##########
File path: solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
##########
@@ -68,6 +68,11 @@
   private WellKnownDiscoveryConfig wellKnownDiscoveryConfig;
   private String clientId;
   private String authorizationEndpoint;
+  
+  public static boolean ALLOW_OUTBOUND_HTTP = 
Boolean.parseBoolean(System.getProperty("solr.auth.jwt.allowOutboundHttp", 
"false"));
+  public static final String ALLOW_OUTBOUND_HTTP_ERR_MSG = "Outbound non SSL 
protected JWT authentication urls are not enabled, start your nodes with 
-Dsolr.auth.jwt.allowOutboundHttp=true.";
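
Review bot: `ALLOW_OUTBOUND_HTTP` is declared `public static boolean` without `final`, so any code in the JVM can flip this security toggle after startup, not only the `solr.auth.jwt.allowOutboundHttp` system property. Make it `final`, or keep it private behind an accessor; if it is left mutable so that tests can change it, say so in a comment and narrow the visibility.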

Review comment:
       Hard to read sentence - double negation. What about 
   >HTTPS required for IDP communication. Please use SSL or start your nodes 
with -Dsolr.auth.jwt.allowOutboundHttp=true to allow HTTP for test purposes.

##########
File path: solr/core/src/java/org/apache/solr/security/JWTIssuerConfig.java
##########
@@ -68,6 +68,11 @@
   private WellKnownDiscoveryConfig wellKnownDiscoveryConfig;
   private String clientId;
   private String authorizationEndpoint;
+  
+  public static boolean ALLOW_OUTBOUND_HTTP = 
Boolean.parseBoolean(System.getProperty("solr.auth.jwt.allowOutboundHttp", 
"false"));
+  public static final String ALLOW_OUTBOUND_HTTP_ERR_MSG = "Outbound non SSL 
protected JWT authentication urls are not enabled, start your nodes with 
-Dsolr.auth.jwt.allowOutboundHttp=true.";
+
+
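
Review bot: neither new constant has Javadoc, and the error string is the only place the property is explained. Add a comment on `ALLOW_OUTBOUND_HTTP` stating that the default is `false` and that setting it to `true` permits non-HTTPS URLs for outbound JWT authentication calls, so a reader of `JWTIssuerConfig` does not have to infer the behaviour from `ALLOW_OUTBOUND_HTTP_ERR_MSG`.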

Review comment:
       Unnecessary spaces

##########
File path: solr/solr-ref-guide/src/jwt-authentication-plugin.adoc
##########
@@ -161,6 +161,10 @@ Let's comment on this config:
 <12> Configure the audience claim. A token's 'aud' claim must match 'aud' for 
one of the configured issuers.
 <13> This issuer is auto configured through discovery, so 'iss' and JWK 
settings are not required
 
+=== Using non SSL URLs
+In Production you should always use SSL protected HTTPS connections since Solr 
is making an outbound connection,
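
Review bot: in the new `=== Using non SSL URLs` section, the reason given ("since Solr is making an outbound connection") does not tell the reader what goes wrong over plain HTTP. Name the risk directly, for example that discovery and JWK responses fetched over HTTP are not authenticated and can be altered in transit, and put a blank line between the `===` heading and the paragraph so it matches the spacing used above it.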

Review comment:
       Production -> "production environments"
   Remove "since Solr is making an outbound connection"?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


