You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Chris Ulicny <cu...@iq.media> on 2017/09/28 16:19:03 UTC

Unauthorized Requests on Empty Solr Node

Hi all,

I've run into an issue with using the basic authentication plugin that
comes with solr 6.3.0 that seems to prevent requests from being processed
in certain situations.

Essentially, if we have a solr node as part of a cloud but contains no
replicas for any collection, it cannot process search requests from the
"solrreader" or "solrwriter" user for any of those collections. It just
returns a 403 Unauthorized request error.

I noticed some JIRA tickets for issues with blockUnknown functionality, but
both true and false result in the same problem.

The security.json file content is included below. Is there something wrong
with the permissions that were set that prevents the "reader" and "writer"
roles from communicating with the other nodes or is there something else I
should be looking into? I have the steps to replicate the issue if the
security.json shouldn't be the problem.

Thanks,
Chris

{  "authentication":{
    "blockUnknown":true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{
      "solradmin":"hashedpassword",
      "solrreader":"hashedpassword",
      "solrwriter":"hashedpassword"},
    "":{"v":3}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[
      {"name":"read","role":"reader"},
      {"name":"security-read","role":"reader"},
      {"name":"schema-read","role":"reader"},
      {"name":"config-read","role":"reader"},
      {"name":"core-admin-read","role":"reader"},
      {"name":"collection-admin-read","role":"reader"},
      {"name":"update","role":"writer"},
      {"name":"security-edit","role":"admin"},
      {"name":"schema-edit","role":"admin"},
      {"name":"config-edit","role":"admin"},
      {"name":"core-admin-edit","role":"admin"},
      {"name":"collection-admin-edit","role":"admin"},
      {"name":"all","role":"admin"}],
    "user-role":{
      "solradmin":["reader","writer","admin"],
      "solrreader":["reader"],
      "solrwriter":["reader","writer"]},
    "":{"v":2}}}