Posted to issues@lucene.apache.org by "Jason Gerlowski (Jira)" <ji...@apache.org> on 2020/06/15 15:46:00 UTC

[jira] [Comment Edited] (SOLR-14569) HTTP 401 when searching on alias in secured Solr

    [ https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135915#comment-17135915 ] 

Jason Gerlowski edited comment on SOLR-14569 at 6/15/20, 3:45 PM:
------------------------------------------------------------------

Hi Isabelle, thanks for reporting, sorry you're running into this.

The first thing I noticed is that the uploaded security.json file isn't valid JSON. (There's a comma missing after the "credentials" property).  Maybe this is just a typo in the file you uploaded, but it's possible it's contributing to your issue in some way.  If you get a chance, try out your reproduction in a corrected security.json file.

-It might also help us if you bumped up the log-level for some security classes and included the relevant log snippets here.  Specifically the class "org.apache.solr.security.RuleBasedAuthorizationPluginBase" or the "org.apache.solr.security" package more generally.  You can do this by editing log4j2.xml in your Solr install, or on the "Logging" panel in the Solr Admin UI.-
EDIT: On second review, since the status code is a 401, this is likely caused by BasicAuth and not RuleBased-Authz.  So the debug logging I was asking for prob won't be useful here.


In the meantime I'll try to reproduce locally on my own.  


was (Author: gerlowskija):
Hi Isabelle, thanks for reporting, sorry you're running into this.

The first thing I noticed is that the uploaded security.json file isn't valid JSON. (There's a comma missing after the "credentials" property).  Maybe this is just a typo in the file you uploaded, but it's possible it's contributing to your issue in some way.  If you get a chance, try out your reproduction in a corrected security.json file.

It might also help us if you bumped up the log-level for some security classes and included the relevant log snippets here.  Specifically the class "org.apache.solr.security.RuleBasedAuthorizationPluginBase" or the "org.apache.solr.security" package more generally.  You can do this by editing log4j2.xml in your Solr install, or on the "Logging" panel in the Solr Admin UI.


In the meantime I'll try to reproduce locally on my own.  

> HTTP 401 when searching on alias in secured Solr
> ------------------------------------------------
>
>                 Key: SOLR-14569
>                 URL: https://issues.apache.org/jira/browse/SOLR-14569
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: master (9.0), 8.5
>         Environment: Unit test on master branch (9x) built on Windows 10 with Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
>            Reporter: Isabelle Giguere
>            Priority: Major
>         Attachments: SOLR-14569.patch, security.json, solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr with security.json.
> Searching on a single collection returns the expected results, but searching on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created using the _default configuration.*
> The attached patch includes a unit test that reproduces the issue.
> *Patch applies on master branch (9x)*: Do not include in the regular build!  The test is failing to illustrate this issue.
> The unit test is added to the test class that was originally part of the patch to fix SOLR-13510.
> I also attach:
> - our product-specific Solr configuration, modified to remove irrelevant plugins and fields
> - security.json with user 'admin' (pwd 'admin')
> -- Note that forwardCredentials true or false does not modify the behavior
> To test with this configuration:
> - Download and unzip Solr 8.5.0
> - Modify ./bin/solr.in.sh : 
> -- ZK_HOST (optional)
> -- SOLR_AUTH_TYPE="basic"
> -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
> - Upload security.json into Zookeeper
> -- ./bin/solr zk cp file:/path/to/security.json zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
> - Start Solr in cloud mode
> -- ./bin/solr -c
> - Upload the provided configuration
> -- ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d /path/to/folder/conf/
> - Create 2 collections using the uploaded configuration
> -- test1, test2
> - Create an alias grouping the 2 collections
> -- test = test1, test2
> - Query (/select?q=\*:\*) one collection
> -- results in successful Solr response
> - Query the alias (/select?q=\*:\*)
> -- results in HTTP 401
> There is no need to add documents to observe the issue.
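
A pre-upload check for the problem raised in the comment above, a security.json that is not valid JSON (added example, not part of the original message and not Solr code). The sample file, the placeholder credential string and the function name check_security_json are constructed for illustration, and the structural checks are assumptions about what is worth verifying, not Solr's own validation.

```python
import json

# Constructed sample (not the file attached to the issue): BasicAuth plus
# rule-based authorization, with the comma after "credentials" missing.
BROKEN = """{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {"admin": "PLACEHOLDER_HASH PLACEHOLDER_SALT"}
    "forwardCredentials": false
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [{"name": "all", "role": "admin"}],
    "user-role": {"admin": "admin"}
  }
}"""
FIXED = BROKEN.replace('SALT"}\n', 'SALT"},\n')

def check_security_json(text):
    """Return a list of problems; an empty list means no problem was found."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        # The parser stops at the first unexpected token, so a missing comma
        # is reported on the line after the one that lacks it.
        lines = text.splitlines()
        near = lines[e.lineno - 1].strip() if e.lineno <= len(lines) else ""
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}, near {near!r}"]
    authn = doc.get("authentication") if isinstance(doc, dict) else None
    if not isinstance(authn, dict) or "class" not in authn:
        return ['"authentication" must be an object with a "class"']
    if authn["class"] != "solr.BasicAuthPlugin":
        return []  # only the BasicAuth layout is checked in this sketch
    problems = []
    creds = authn.get("credentials")
    if not isinstance(creds, dict) or not creds:
        problems.append('"credentials" must map user names to hash strings')
        creds = {}
    if not isinstance(authn.get("forwardCredentials", False), bool):
        problems.append('"forwardCredentials" must be true or false')
    authz = doc.get("authorization")
    roles = authz.get("user-role", {}) if isinstance(authz, dict) else {}
    for user in roles:  # every user given a role should be able to log in
        if user not in creds:
            problems.append(f"user-role names {user!r}, who has no credentials entry")
    return problems

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_security_json(text) or "OK")
```

Running the check on the file before `bin/solr zk cp` separates a malformed security.json from the alias behaviour being reported.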


