You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Mike Drob (Jira)" <ji...@apache.org> on 2021/04/12 20:15:00 UTC
[jira] [Resolved] (SOLR-15236) Distributed search with index
sharding is not working with basic authentication plugin enabled
[ https://issues.apache.org/jira/browse/SOLR-15236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Drob resolved SOLR-15236.
------------------------------
Resolution: Duplicate
> Distributed search with index sharding is not working with basic authentication plugin enabled
> ----------------------------------------------------------------------------------------------
>
> Key: SOLR-15236
> URL: https://issues.apache.org/jira/browse/SOLR-15236
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 8.7, 8.8.1
> Environment: Archi Linux, Zulu JDK11, Solr 8.8.1
> Reporter: Samir Huremovic
> Priority: Critical
> Labels: Authentication
>
> Issue confirmed for 8.7 and 8.8.1.
> Steps to reproduce are:
> 1. Following the docs for setting up distributed search (https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html).
> 1.1 Stop both nodes after confirming that distributed search works without basic auth (last step).
> 2. Enable basic authentication plugin for both nodes, example for {{example/nodes/node1/security.json}}:
> {{
> {
> "authentication":{
> "blockUnknown": true,
> "class":"solr.BasicAuthPlugin",
> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
> "realm":"My Solr users",
> "forwardCredentials": false
> }}
> }}
> 3. Configure {{shardsWhitelist}} in {{solr.xml}} of each node {{example/nodes/node1/solr.xml}}
> {{
> <shardHandlerFactory name="shardHandlerFactory"
> class="HttpShardHandlerFactory">
> <int name="socketTimeout">${socketTimeout:600000}</int>
> <int name="connTimeout">${connTimeout:60000}</int>
> <str name="shardsWhitelist">localhost:8984,localhost:8985</str>
> </shardHandlerFactory>
> }}
> 4. Start both nodes.
> 5. Confirm that searching on one node with basic auth works with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&wt=xml&indent=true"}}
> 6. Confirm that searching on both nodes does not work with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
> Error:
> {{
> ❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
> <?xml version="1.0" encoding="UTF-8"?>
> <response>
> <lst name="responseHeader">
> <int name="status">401</int>
> <int name="QTime">173</int>
> <lst name="params">
> <str name="q">*:*</str>
> <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
> <str name="indent">true</str>
> <str name="fl">id,name</str>
> <str name="wt">xml</str>
> </lst>
> </lst>
> <lst name="error">
> <lst name="metadata">
> <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
> <str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
> </lst>
> <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401 require authentication</h2>
> <table>
> <tr><th>URI:</th><td>/solr/core1/select</td></tr>
> <tr><th>STATUS:</th><td>401</td></tr>
> <tr><th>MESSAGE:</th><td>require authentication</td></tr>
> <tr><th>SERVLET:</th><td>default</td></tr>
> </table>
> </body>
> </html>
> </str>
> <int name="code">401</int>
> </lst>
> </response>
> }}
> See also SOLR-14569 that seems similar, but the patch provided does not help after I applied it to 8.8.1, therefore I think this is not the same issue.
> Adjust priority as necessary. For cases where basic auth is required this means we cannot use Solr as of now.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org