dsmiley commented on code in PR #2835:
URL: https://github.com/apache/solr/pull/2835#discussion_r1855235319
##########
gradle/testing/randomization/policies/solr-tests.policy:
##########
Review Comment:
solr-tests.policy and security.policy need to be kept in sync, mostly. It's
annoying. So I see you touched one in one way and the other in another way.
##########
solr/solr-ref-guide/modules/deployment-guide/pages/solr-on-hdfs.adoc:
##########
@@ -210,41 +210,6 @@ NRTCachingDirectory max cache size.
+
Pass the location of HDFS client configuration files - needed for HDFS HA for
example.
-=== Kerberos Authentication Settings
Review Comment:
as I mentioned, I think this can stay
##########
solr/core/src/java/org/apache/solr/security/RuleBasedAuthorizationPlugin.java:
##########
@@ -41,17 +40,11 @@ public void init(Map<String, Object> initInfo) {
String roleName = e.getKey();
usersVsRoles.put(roleName, Permission.readValueAsSet(map, roleName));
}
- useShortName =
- Boolean.parseBoolean(initInfo.getOrDefault("useShortName",
Boolean.FALSE).toString());
Review Comment:
what's this about?
##########
solr/server/etc/security.policy:
##########
@@ -131,16 +131,6 @@ grant {
permission javax.management.MBeanServerPermission "releaseMBeanServer";
permission javax.management.MBeanTrustPermission "register";
- // needed by hadoop auth
- permission javax.security.auth.AuthPermission "getSubject";
- permission javax.security.auth.AuthPermission "modifyPrincipals";
- permission javax.security.auth.AuthPermission "doAs";
- permission javax.security.auth.AuthPermission "getLoginConfiguration";
- permission javax.security.auth.AuthPermission "setLoginConfiguration";
- permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
- permission javax.security.auth.AuthPermission "modifyPublicCredentials";
- permission javax.security.auth.PrivateCredentialPermission
"org.apache.hadoop.security.Credentials * \"*\"", "read";
-
// needed by hadoop security
permission java.security.SecurityPermission
"putProviderProperty.SaslPlainServer";
permission java.security.SecurityPermission "insertProvider";
Review Comment:
can these be removed too?
(note: to test, edit solr-tests.policy, not this policy (which is
production), and run tests)
##########
solr/modules/hdfs/src/java/org/apache/solr/hdfs/HdfsDirectoryFactory.java:
##########
Review Comment:
It's not clear that you actually needed to touch this at all. I think the
the Hadoop Auth module and HDFS's Kerberos support are completely decoupled.
WDYT @risdenk
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
