feat(config): HTTP Basic Authentication credentials (builds on #89)#152
Merged
Conversation
Add optional `solr.username` / `solr.password` configuration properties (also bound from the `SOLR_USERNAME` / `SOLR_PASSWORD` environment variables) that, when both are set, are applied to every SolrJ request via `HttpJdkSolrClient.Builder#withBasicAuthCredentials`. When either value is missing or the username is blank, the client is built without credentials so existing unauthenticated deployments are unaffected. Documents the new variables in the Development and Architecture guides and adds `SolrConfigAuthTest` covering: - no credentials attached when both values are missing, - no credentials attached when only one value is provided (or the username is blank), and - credentials applied when both values are provided. The existing `SolrConfigUrlNormalizationTest` is updated to the new record constructor. Co-authored-by: Claude <noreply@anthropic.com> Signed-off-by: Yunus Emre Korkmaz <yunus.emre.korkmaz@turboard.com>
…uth wiring Review cleanup on top of the HTTP Basic Auth support from #89 (by @dolphinium). No behavioural change to the feature. - SolrConfig: replace the inline `username != null && !username.isEmpty()` guard with Spring's `StringUtils.hasText`, matching the convention already used in HttpSecurityConfiguration and SearchService. - SolrConfigAuthTest: drop the hand-rolled superclass-walking `findField` helper in favour of `ReflectionUtils.findField`/`makeAccessible`/`getField`, and tighten the over-defensive `equals(x) || equals("Basic " + x)` assertion to an exact `assertEquals` now that the stored format is known (SolrJ stores `"Basic " + Base64(user:pass)` in UTF-8). ./gradlew build passes (Spotless + NullAway + full test suite incl. Testcontainers). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: adityamparikh <aditya.m.parikh@gmail.com>
3 tasks
Signed-off-by: Eric Pugh <epugh@opensourceconnections.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds optional HTTP Basic Authentication for the SolrJ client. This builds directly on #89 by @dolphinium — it carries their original feature commit unchanged and adds a small review-cleanup commit on top.
Credit for the feature belongs to @dolphinium (original PR: #89). This PR exists to fold in the feedback from a code review + simplification pass so the change can land clean.
What's included
dolphinium's feature commit (unchanged): optional
solr.username/solr.passwordproperties (bound fromSOLR_USERNAME/SOLR_PASSWORD), applied viaHttpJdkSolrClient.Builder#withBasicAuthCredentialsonly when both are present. Fully backwards-compatible — existing unauthenticated deployments are unaffected.Review cleanup commit (no behavioural change):
SolrConfig: replace the inlineusername != null && !username.isEmpty()guard with Spring'sStringUtils.hasText(username), matching the convention already used inHttpSecurityConfigurationandSearchService.SolrConfigAuthTest: drop the hand-rolled superclass-walkingfindFieldhelper forReflectionUtils.findField/makeAccessible/getField, and tighten the over-defensiveequals(x) || equals("Basic " + x)assertion to an exactassertEquals(verified againstsolr-solrj:10.0.0: the client stores"Basic " + Base64(user:pass)in UTF-8).Tests
SolrConfigAuthTest: parameterized coverage of none / username-only / password-only / blank-username / both.SolrConfigUrlNormalizationTest: updated to the new record constructor../gradlew buildpasses locally (Spotless + NullAway + full unit/integration suite incl. Testcontainers).Notes
🤖 Generated with Claude Code