[
https://issues.apache.org/jira/browse/SOLR-13463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16838302#comment-16838302
]
Vinodh commented on SOLR-13463:
-------------------------------
Hi Jan,
I stored username and password in a file as *user:password* format and used
"*-Dsolr.httpclient.config=*" property to defined the location of the file. But
with this property, I'm getting below error while start solr nodes. Are you
referring to this way of storing the password or anything else? Can you please
also let me how to achieve what you had mentioned in your comment "we could
also add a default redaction of basicauth property like we do for* password* " ?
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.apache.solr.util.SolrCLI.getHttpClient(SolrCLI.java:598)
at org.apache.solr.util.SolrCLI$StatusTool.getStatus(SolrCLI.java:924)
at org.apache.solr.util.SolrCLI$StatusTool.runImpl(SolrCLI.java:880)
at org.apache.solr.util.SolrCLI$ToolBase.runTool(SolrCLI.java:177)
at org.apache.solr.util.SolrCLI.main(SolrCLI.java:283)
Caused by: java.lang.IllegalArgumentException: username & password must be
specified with
org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory
at
org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory.initHttpClientBuilder(PreemptiveBasicAuthClientBuilderFactory.java:117)
at
org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory.getHttpClientBuilder(PreemptiveBasicAuthClientBuilderFactory.java:109)
at
org.apache.solr.client.solrj.impl.HttpClientUtil.<clinit>(HttpClientUtil.java:155)
> Solr admin user credentials defined with -Dbasicauth property during start is
> visible in admin UI to any user.
> --------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-13463
> URL: https://issues.apache.org/jira/browse/SOLR-13463
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI
> Affects Versions: 7.7.1
> Environment: QA
> Reporter: Vinodh
> Priority: Major
> Labels: admin-interface, credentials
>
> We have configured Solr basic authentication in our environment and used
> Dbasicauth property to define username:password. Since these property will be
> added to Solr startup, the Solr admin username & password details defined
> with -Dbasicauth property are displayed in plain text format to all users who
> are able to login into admin UI interface in JVM & Java properties sections.
> So even a read user who has privileges to login admin UI can able to see
> admin user username & password details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
