[jira] [Comment Edited] (SOLR-14569) Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr

["Mark Robert Miller (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460692#comment-17460692 ] 

Mark Robert Miller edited comment on SOLR-14569 at 12/16/21, 1:11 PM:
----------------------------------------------------------------------

So I have run into this before and addressed it. I was looking at it now from another jira issue - the one that user tested that basic auth has not worked since back in a 7 release if not in SolrCloud mode.

Anyway, I hit this issue in my own branch because some butterflies getting stepped on made it into a much larger problem that started failing all tests with internode request using security.

I’ve been been trying to fully refresh my knowledge and that jira since yesterday morning, but the universe has been attacking me, or maybe the time authority or some thing.

(I had an electrician over to install outlets and an energy monitoring smart thing in the breaker box. Unknown to me, my wife has the pool company replacing a pump they installed and had failed at the same time. Unknown to me and beyond reasonable coincidence, the citi was in my backyard almost all day with like teams  of people, enough  workers walking back and forth by my office window and in and out of my yard that you can’t ignore conspiracy theories around their simple claim that they own a major electric wire running through my property.  Meanwhile their trunks line SHIELD showed up. 

When that settled down and I started a very late work day, my wife convinced me that in fact I had been torturing her with ridiculous sound attacks for the past year and a half while wholly denying it was remotely possible — by demanding I stop humming quietly under my breath while she was in the other side of the house. Remote decibel inspection broke my mind, and I went to work to figure out a solution.   A 3 decimal rise in sound is like doubling it. I won’t even say the dec differences I was regularly firing.  Meanwhile, hell continued to rain. Later, amount a few fun times, I walked directly into an open, full dishwasher door in the dark. My computer went wild on basic stuff I’ve done every day for months. I reached that level of what the hell is going on that you end up more in a state of cold awe than swear infused anger. Everything I’ve tried to make make happen since yesterday morning has gone into insanity. 

Just background I can’t keep internal.

But anyway, in my complete failed agenda has been to discuss the solution I had put in the branch for this stuff with Anshum. I was at the tail end of trying to finish some verification and refresh if anything entangling had popped and require further changes that I didn’t recall.

The long short of that solution is to handle this like the original http 
@client did vs what seemed a strange choice to chart this alternate handling that the http2 client does. 


was (Author: markrmiller):
So I have run into this before and addressed it. I was looking at it now from another jira issue - the one that user tested that basic auth has not worked since back in a 7 release if not in SolrCloud mode.

Anyway, I hit this issue in my own branch because some butterflies getting stepped on made it into a much larger problem that started failing all tests with internode request using security.

I’ve been been trying to fully refresh my knowledge and that jira since yesterday morning, but the universe has been attacking me, or maybe the time authority or some thing.

(I had an electrician over to install outlets and an energy monitoring smart thing in the breaker box. Unknown to me, my wife has the pool company replacing a pump they installed and had failed at the same time. Unknown to me and beyond reasonable coincidence, the citi was in my backyard almost all day with like teams  of people, enough  workers walking back and forth by my office window and in irk of my yard that you can’t ignore conspiracy theories around there simple claim that they own a major electric wire running through my property.  Meanwhile their trunks like the street like shield he showed up. 

When that settled down and I started a very late work day, my wife convinced me that in fact I had been torturing her with ridiculous sound attacks for the past year and a half whole whole denying it was remotely possible by demanding I stop humming quietly under my breath while she was in the other side of the house. Remote decibel inspection broke me mind, and I went to work to figure out a solution. Satisfied I had one, hell continued to rain. I walked directly into and open, full dishwasher door in the dark. My computer went wild on basic stuff I’ve done every day for months. I reached that level of what the hell is going on that you end up more in a state of cold awe that swear infused anger. Everything I’ve tried to make make happen since yesterday morning has ruined jnto inanity.)

Just background I can’t keep internal.

But anyway, in my complete failed agenda has been to discuss the solution I had put in the branch for this stuff with Anshum. I was at the tail end of trying to finish some verification and refresh if anything entangling had popped and require further changes that I didn’t recall.

The long short of that solution is to handle this like the original http 
@client did vs what seemed a strange choice to chart this alternate handling that the http2 client does. 

> Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-14569
>                 URL: https://issues.apache.org/jira/browse/SOLR-14569
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: 8.5, main (9.0)
>         Environment: Unit test on master branch (9x) built on Windows 10 with Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
>            Reporter: Isabelle Giguere
>            Assignee: Anshum Gupta
>            Priority: Major
>         Attachments: SOLR-14569.patch, SOLR-14569.patch, SOLR-14569.patch, curl_requests-responses.txt, security.json, security.json, solr.log, solr_conf.zip, updated_solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr with security.json.
> Searching on a single collection returns the expected results, but searching on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created using the _default configuration.*
> Update: Fast-forward to this comment for the reason why: https://issues.apache.org/jira/browse/SOLR-14569?focusedCommentId=17136195&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17136195
> The attached patch includes a unit test to query on an alias.  *Fixed and updated as per [~gerlowskija]' comments*
>  *Patch applies on master branch (9x)*.
> The unit test is added to the test class that was originally part of the patch to fix SOLR-13510.
> Update: Unit tests fail if sharHandlerFactory is added to the requestHandler in configset cloud-minimal
> I also attach:
>  - our product-specific Solr configuration, modified to remove irrelevant plugins and fields
>  - security.json with user 'admin' (pwd 'admin')
>  -- Note that forwardCredentials true or false does not modify the behavior
> To test with attached configuration solr_conf.zip or updated_solr_conf.zip:
>  - Download and unzip Solr 8.5.0
>  - Modify ./bin/solr.in.sh :
>  -- ZK_HOST (optional)
>  -- SOLR_AUTH_TYPE="basic"
>  -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
>  - Upload security.json into Zookeeper
>  -- ./bin/solr zk cp [file:/path/to/security.json|file:///path/to/security.json] zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
>  - Start Solr in cloud mode
>  -- ./bin/solr -c
>  - Upload the provided configuration
>  - ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d /path/to/folder/conf/
>  - Create 2 collections using the uploaded configuration
>  -- test1, test2
>  - Create an alias grouping the 2 collections
>  -- test = test1, test2
>  - Query (/select?q=*:*) one collection
>  -- results in successful Solr response
>  - Query the alias (/select?q=*:*)
>  -- results in HTTP 401
> There is no need to add documents to observe the issue.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org