You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Samir Huremovic (Jira)" <ji...@apache.org> on 2021/03/09 22:54:00 UTC
[jira] [Created] (SOLR-15236) Distributed search with index
sharding is not working with basic authentication plugin enabled
Samir Huremovic created SOLR-15236:
--------------------------------------
Summary: Distributed search with index sharding is not working with basic authentication plugin enabled
Key: SOLR-15236
URL: https://issues.apache.org/jira/browse/SOLR-15236
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: Authentication
Affects Versions: 8.8.1, 8.7
Environment: Archi Linux, Zulu JDK11, Solr 8.8.1
Reporter: Samir Huremovic
Issue confirmed for 8.7 and 8.8.1.
Steps to reproduce are:
1. Following the docs for setting up distributed search (https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html).
1.1 Stop both nodes after confirming that distributed search works without basic auth (last step).
2. Enable basic authentication plugin for both nodes, example for {{example/nodes/node1/security.json}}:
{{
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
"realm":"My Solr users",
"forwardCredentials": false
}}
}}
3. Configure {{shardsWhitelist}} in {{solr.xml}} of each node {{example/nodes/node1/solr.xml}}
{{
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<int name="socketTimeout">${socketTimeout:600000}</int>
<int name="connTimeout">${connTimeout:60000}</int>
<str name="shardsWhitelist">localhost:8984,localhost:8985</str>
</shardHandlerFactory>
}}
4. Start both nodes.
5. Confirm that searching on one node with basic auth works with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&wt=xml&indent=true"}}
6. Confirm that searching on both nodes does not work with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
Error:
{{
❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader">
<int name="status">401</int>
<int name="QTime">173</int>
<lst name="params">
<str name="q">*:*</str>
<str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
<str name="indent">true</str>
<str name="fl">id,name</str>
<str name="wt">xml</str>
</lst>
</lst>
<lst name="error">
<lst name="metadata">
<str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
<str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
</lst>
<str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 require authentication</title>
</head>
<body><h2>HTTP ERROR 401 require authentication</h2>
<table>
<tr><th>URI:</th><td>/solr/core1/select</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>require authentication</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table>
</body>
</html>
</str>
<int name="code">401</int>
</lst>
</response>
}}
See also SOLR-14569 that seems similar, but the patch provided does not help after I applied it to 8.8.1, therefore I think this is not the same issue.
Adjust priority as necessary. For cases where basic auth is required this means we cannot use Solr as of now.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org