You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2023/03/15 09:43:00 UTC

[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception

    [ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700579#comment-17700579 ] 

Jan Høydahl commented on SOLR-12813:
------------------------------------

I felt this Jira describes the issue better than SOLR-12583, so re-openening to treat this as a bug in [subquery transformer|https://solr.apache.org/guide/solr/latest/query-guide/document-transformers.html#subquery] rather than a feature request for "basic auth" support.

The [subquery] transformer performs *internal* queries to other nodes by itself in a background thread, and thus auth credentials are lost. In my opinion such sub queries should either inherit the auth of original request (if {{{}forwardCredentials=true{}}}) or use PKI auth.

Patches are welcome.

> SolrCloud + 2 shards + subquery + auth = 401 Exception
> ------------------------------------------------------
>
>                 Key: SOLR-12813
>                 URL: https://issues.apache.org/jira/browse/SOLR-12813
>             Project: Solr
>          Issue Type: Bug
>          Components: security, SolrCloud
>    Affects Versions: 6.4.1, 7.5, 8.11
>            Reporter: Igor Fedoryn
>            Priority: Major
>         Attachments: screen1.png, screen2.png
>
>
> Environment: * Solr 6.4.1
>  * Zookeeper 3.4.6
>  * Java 1.8
> Run Zookeeper
> Upload simple configuration wherein the Solr schema has fields for a relationship between parent/child
> Run two Solr instance (2 nodes)
> Create the collection with 1 shard on each Solr nodes
>  
> Add parent document to one shard and child document to another shard.
> The response for: * /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id v=$row.ParentIdsField}
> correct.
>  
> After that add Basic Authentication with some user for collection.
> Restart Solr or reload Solr collection.
> If the simple request /select?q=*:* with authorization on Solr server is a success then run previously request
> with authorization on Solr server and you get the exception: "Solr HTTP error: Unauthorized (401) "
>  
> Screens in the attachment.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org