Project

General

Profile

Actions

Bug #6899

closed

Send auth token with Solr queries

Added by Lauren Walker almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
Start date:
12/08/2015
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

So that private data shows up in search results

Actions #1

Updated by ben leinfelder almost 9 years ago

I think it's probably fine to send the auth token with query requests, but I'm a little concerned that the browser session isn't providing access to private content. After all, that's how we are able to retrieve an auth token from the portal following authentication as it is. Perhaps something changed with all the proxying that happens through the search server apache config on to the cn solr index. Could we look into this together to make sure we're not adding a band aid to something that needs sutures?

Actions #2

Updated by Lauren Walker almost 9 years ago

Yep, let's discuss this

Actions #3

Updated by Lauren Walker almost 9 years ago

The token is now being sent with queries - but a bug in d1_solr_extensions needs to be ironed out and slated for d1 2.0.1 before I can test that it's all working with the UI.

Actions #4

Updated by Lauren Walker almost 9 years ago

  • Status changed from New to Resolved

Auth tokens are sent in the request header of almost all requests sent by MetacatUI now. The exceptions are requests sent to third-party services such as Bioportal and ORCID, and Metacat services like the online metadata registry. The app will need to send the initial DataCatalog or Metadata View search twice since it first will send before the token is retrieved, and then again once the token is retrieved and the user model is configured as logged-in.

Actions

Also available in: Atom PDF