You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Shamik Bandopadhyay (JIRA)" <ji...@apache.org> on 2016/05/21 20:09:13 UTC
[jira] [Created] (SOLR-9143) Solr basic authentication randomly
throwing "Invalid Key" error
Shamik Bandopadhyay created SOLR-9143:
-----------------------------------------
Summary: Solr basic authentication randomly throwing "Invalid Key" error
Key: SOLR-9143
URL: https://issues.apache.org/jira/browse/SOLR-9143
Project: Solr
Issue Type: Bug
Components: security
Affects Versions: 5.5
Reporter: Shamik Bandopadhyay
I'm facing a weird issue where Basic authentications are failing randomly. The error is originating as "Invalid key" from PKIAuthenticationPlugin.java followed by missing userPrincipal. Here's the stacktrace:
ERROR923629[qtp466002798-20] -
org.apache.solr.security.PKIAuthenticationPlugin.doAuthenticate(PKIAuthenticationPlugin.java:125)
- Invalid key
INFO923630[qtp466002798-20] -
org.apache.solr.security.RuleBasedAuthorizationPlugin.checkPathPerm(RuleBasedAuthorizationPlugin.java:144)
- request has come without principal. failed permission
org.apache.solr.security.RuleBasedAuthorizationPlugin$Permission@1a343033
INFO923630[qtp466002798-20] -
org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:429) -
USER_REQUIRED auth header null context : userPrincipal: [null] type:
[READ], collections: [knowledge,], Path: [/select] path : /select params
:df=text&distrib=false&qt=/select&preferLocalShards=false&fl=id&fl=score&shards.purpose=4&start=0&fsv=true&shard.url=
http://xx.xxx.x.222:8983/solr/knowledge/|http://xx.xxx.xxx.246:8983/solr/knowledge/&rows=3&version=2&q=*:*&NOW=1463512962899&isShard=true&wt=javabin
My security.json
{
"authentication": {
"blockUnknown": false,
"class": "solr.BasicAuthPlugin",
"credentials": {
"solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"user-role": {
"solr": "admin",
"solradmin": "admin",
"beehive": "dev",
"readuser": "read"
},
"permissions": [
{
"name": "security-edit",
"role": "admin"
},
{
"name": "browse",
"collection": "knowledge",
"path": "/browse",
"role": [
"admin",
"dev",
"read"
]
},
{
"name": "select",
"collection": "knowledge",
"path": "/select",
"role": [
"admin",
"dev",
"read"
]
},
{
"name": "admin-ui",
"path": "/",
"role": [
"admin",
"dev"
]
},
{
"name": "update",
"role": [
"admin",
"dev"
]
},
{
"name": "collection-admin-edit",
"role": [
"admin"
]
},
{
"name": "schema-edit",
"role": [
"admin"
]
},
{
"name": "config-edit",
"role": [
"admin"
]
}
]
}
}
Sample Java client:
SolrClient client = new CloudSolrClient("zoohost1:2181,zoohost2:2181,zoohost3:2181");
((CloudSolrClient)client).setDefaultCollection(DEFAULT_COLLECTION);
ModifiableSolrParams param = getSearchSolrQuery();
SolrRequest<?> solrRequest = new QueryRequest(param);
solrRequest.setBasicAuthCredentials(USER, PASSWORD);
try{
for(int j=0;j<20;j++){
NamedList results = client.request(solrRequest);
}
}catch(Exception ex){
}
private static ModifiableSolrParams getSearchSolrQuery() {
ModifiableSolrParams solrParams = new ModifiableSolrParams();
solrParams.set("q", "*:*");
solrParams.set("qt","/select");
solrParams.set("rows", "3");
return solrParams;
}
Sometimes, the error is being thrown at the very first call, otherwise in the middle of the iteration. It's consistent with my custom user or the default "solr/SolrRocks". I even cleaned up the zookeeper data, started the cluster from fresh, uploaded the security.json, but without any luck.
Incidentally, I'm also seeing similar exception if I try to start and stop a node in the cluster while indexing is in process. Here's the log:
ERROR 19543[qtp466002798-21] - org.apache.solr.security.PKIAuthenticationPlugin.doAuthenticate(PKIAuthenticationPlugin.java:125) - Invalid key
INFO 19543[qtp466002798-21] - org.apache.solr.security.RuleBasedAuthorizationPlugin.checkPathPerm(RuleBasedAuthorizationPlugin.java:144) - request has come without principal. failed permission org.apache.solr.security.RuleBasedAuthorizationPlugin$Permission@101fe889
INFO 19543[qtp466002798-21] - org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:429) - USER_REQUIRED auth header null context : userPrincipal: [null] type: [WRITE], collections: [knowledge,], Path: [/update] path : /update params :update.distrib=FROMLEADER&distrib.from=http://xx.xxx.xxx.246:8983/solr/knowledge/&wt=javabin&version=2
Based on the source code, it seems like the error is generated due to timeout issues. I bumped up SOLR_OPTS="$SOLR_OPTS -Dpkiauth.ttl=50000" to 50 sec, but didn't make any difference.
My cluster contains 2 shards with 1 replica each.
I'll appreciate if someone can take a look and provide me some pointers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org