Add SolrClient-based integration test for JWT auth plugin V2 config API

[Copilot]

V2JWTSecurityApiMappingTest only verified JAX-RS annotations via reflection — it never exercised the actual endpoint. This adds a real integration test that boots a cluster and calls the API through SolrClient.

New: JWTAuthPluginConfigApiTest

• Spins up a 2-node cluster with JWT auth (jwt_plugin_jwk_security.json)
• Verifies unauthenticated POST /cluster/security/authentication is rejected (401)
• Sends an authenticated V2Request with `Authorization: ****** and confirms the config change persists

Payload construction

Uses JWTConfigurationPayload (the typed SolrJ model) wrapped in Map.of("set-property", ...) rather than a raw JSON string. V2Request.Builder.withPayload() accepts any MapWriter, so ReflectMapWriter serialization handles the wire format automatically:

JWTConfigurationPayload updatePayload = new JWTConfigurationPayload();
updatePayload.blockUnknown = false;

V2Request updateRequest =
    new V2Request.Builder("/cluster/security/authentication")
        .withMethod(SolrRequest.METHOD.POST)
        .withPayload(Map.of("set-property", updatePayload))
        .build();
updateRequest.addHeader("Authorization", "Bearer " + jwtTestToken);

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• develocity.apache.org
  • Triggering command: /usr/lib/jvm/temurin-21-jdk-amd64/bin/java /usr/lib/jvm/temurin-21-jdk-amd64/bin/java -XX:ReservedCodeCacheSize=256m -XX:TieredStopAtLevel=1 -XX:+UseParallelGC -XX:ActiveProcessorCount=1 --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED --add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED --add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED --add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED --add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED (dns block)
• metadata.google.internal
  • Triggering command: /usr/lib/jvm/temurin-21-jdk-amd64/bin/java /usr/lib/jvm/temurin-21-jdk-amd64/bin/java -Dcommon-solr.dir=/home/REDACTED/work/solr/solr/solr -Dgradle.lib.dir=/home/REDACTED/.gradle/wrapper/dists/gradle-8.10-bin/deqhafrv1ntovfmgh0nh3npr9/gradle-8.10/lib -Dgradle.user.home=/home/REDACTED/.gradle -Dgradle.worker.jar=/home/REDACTED/.gradle/caches/8.10/workerMain/gradle-worker.jar -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Djava.security.manager=default -Djava.security.policy=/home/REDACTED/work/solr/solr/gradle/testing/randomization/policies/solr-tests.policy -Djava.util.logging.config.file=/home/REDACTED/work/solr/solr/gradle/testing/defaults-tests/logging.properties -Djdk.map.althashing.threshold=0 -Djetty.insecurerandom=1 -Djetty.testMode=1 -Djunit4.childvm.count=1 -Djunit4.childvm.id=0 -Dorg.gradle.internal.worker.tmpdir=/home/REDACTED/work/solr/solr/solr/modules/jwt-auth/build/tmp/test/work -DtempDir=/home/REDACTED/work/solr/solr/build/tmp/tests-tmp -Dtests.LUCENE_VERSION=10.3.2 -Dtests.asserts=true -Dtests.codec=random (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.