diff --git a/changelog/unreleased/SOLR-18270-easy-fix-without-parametrization.yml b/changelog/unreleased/SOLR-18270-easy-fix-without-parametrization.yml new file mode 100644 index 00000000000..a63be6bdac6 --- /dev/null +++ b/changelog/unreleased/SOLR-18270-easy-fix-without-parametrization.yml @@ -0,0 +1,8 @@ +title: Update looked up attribute for SSL authentication +type: fixed +authors: + - name: Jean-Marie HEITZ + nick: heitzjm +links: + - name: SOLR-18270 + url: https://issues.apache.org/jira/projects/SOLR/issues/SOLR-18270 diff --git a/solr/core/src/java/org/apache/solr/security/CertAuthPlugin.java b/solr/core/src/java/org/apache/solr/security/CertAuthPlugin.java index 091191fd409..ee4ba9b368c 100644 --- a/solr/core/src/java/org/apache/solr/security/CertAuthPlugin.java +++ b/solr/core/src/java/org/apache/solr/security/CertAuthPlugin.java @@ -38,6 +38,8 @@ public class CertAuthPlugin extends AuthenticationPlugin { private static final String PARAM_PRINCIPAL_RESOLVER = "principalResolver"; private static final String PARAM_CLASS = "class"; private static final String PARAM_PARAMS = "params"; + private static final String OLD_REQUEST_ATTRIBUTE_NAME="javax.servlet.request.X509Certificate"; + private static final String CURRENT_REQUEST_ATTRIBUTE_NAME="jakarta.servlet.request.X509Certificate"; private static final CertPrincipalResolver DEFAULT_PRINCIPAL_RESOLVER = certificate -> certificate.getSubjectX500Principal(); @@ -102,7 +104,10 @@ public boolean doAuthenticate( HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws Exception { X509Certificate[] certs = - (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); + (X509Certificate[]) request.getAttribute(CURRENT_REQUEST_ATTRIBUTE_NAME); + if (certs == null || certs.length == 0) { + certs=(X509Certificate[]) request.getAttribute(OLD_REQUEST_ATTRIBUTE_NAME); + } if (certs == null || certs.length == 0) { return sendError(response, "require certificate"); }