SOLR-18270: cert auth plugin : add request attribute parametrization

[heitzjm]

https://issues.apache.org/jira/browse/SOLR-18270

Description

The parameter used by the cert auth plugin to get the SSL client certificate can be configured in security.json, as the attribute name changed (java EE => jakarta EE)

Solution

This PR adds the parameter and its usage, as well as adds some tests, and updates the documentation.

Tests

Class solr/core/src/test/org/apache/solr/security/CertAuthPluginRequestAttributeTest.java : adds parametrized test to ensure that the default value works, and that a custom value is taken into account. The class heavily borrows code from solr/core/src/test/org/apache/solr/security/CertAuthPluginTest.java

Checklist

Please review the following and check all that apply:

• I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
• I have created a Jira issue and added the issue ID to my pull request title.
• I have given Solr maintainers access to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation)
• I have developed this patch against the main branch.
• I have run ./gradlew check.

> Task :solr:core:test
:solr:core:test (FAILURE): 5586 test(s), 1 failure(s), 183 skipped

5586 tests completed, 1 failed, 183 skipped

> Task :solr:solr-ref-guide:test
:solr:solr-ref-guide:test (SUCCESS): 40 test(s)
 
...

ERROR: The following test(s) have failed:
  - org.apache.solr.TestDistributedGrouping.test (:solr:core)
    Test history: https://develocity.apache.org/scans/tests?search.rootProjectNames=solr-root&tests.container=org.apache.solr.TestDistributedGrouping&tests.test=test http://fucit.org/solr-jenkins-reports/history-trend-of-recent-failures.html#series/org.apache.solr.TestDistributedGrouping.test
    Test output: /tmp/SOLR/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.TestDistributedGrouping.txt
    Reproduce with: ./gradlew :solr:core:test --tests "org.apache.solr.TestDistributedGrouping.test" "-Ptests.jvmargs=-XX:TieredStopAtLevel=1 -XX:+UseParallelGC -XX:ActiveProcessorCount=1 -XX:ReservedCodeCacheSize=120m" -Ptests.seed=34687A3DF4AB53C4 -Ptests.useSecurityManager=true -Ptests.file.encoding=ISO-8859-1

The test failed because of a timeout. I reran the test only after that, and it then succeeded.

• I have added tests for my changes.
• I have added documentation for the Reference Guide
• I have added a changelog entry for my change

[laminelam]

This is not an authentication policy choice, it's an internal servlet details that does not need to be exposed to the user.
I think, your other PR is more appropriate to solve the issue.

[heitzjm]

Fine, I am going to implement the fallback in the PR 4474. However, to me, the attribute name is not an internal servlet detail : it is a kind of "contract" between the application server and the application - and the attribute name appears in specs (Jakarta Servlet Specifications - https://jakarta.ee/specifications/servlet/). So, I think it would be great to add a comment in the CertAuthPlugin documentation about it. In fact, it was difficult for me to find out what went wrong, so adding a note about the importance of the spec might help other users in some (I hope unlikely) use cases. What do you think? Le lun. 1 juin 2026 à 18:09, Lamine ***@***.***> a écrit :

…

*laminelam* left a comment (apache/solr#4479) <#4479 (comment)> This is not an authentication policy choice, it's an internal servlet details that does not need to be exposed to the user. I think, your other PR <#4474> is more appropriate to solve the issue. — Reply to this email directly, view it on GitHub <#4479?email_source=notifications&email_token=AVJXZPBF2S5ZMMOMRWWWPG345WTELA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINJZGQZTMNRSGU32M4TFMFZW63VGMF2XI2DPOKSWK5TFNZ2KYZTPN52GK4S7MNWGSY3L#issuecomment-4594366257>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AVJXZPA4UKESNOMQVTFJUVL45WTELAVCNFSM6AAAAACZT5OZBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DKOJUGM3DMMRVG4> . Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS <https://github.com/notifications/mobile/ios/AVJXZPDDYQWDJTJU56J7QIL45WTELA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINJZGQZTMNRSGU32M4TFMFZW63VGMF2XI2DPOKSWK5TFNZ2KUZTPN52GK4S7NFXXG> and Android <https://github.com/notifications/mobile/android/AVJXZPD4INOLKRIIJPBNXNL45WTELA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINJZGQZTMNRSGU32M4TFMFZW63VGMF2XI2DPOKSWK5TFNZ2K4ZTPN52GK4S7MFXGI4TPNFSA>. Download it today! You are receiving this because you authored the thread.Message ID: ***@***.***>

[heitzjm]

As #4474 seems to be more appropriate, I closed this PR in favor to the other PR.