[
https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135974#comment-17135974
]
Jason Gerlowski commented on SOLR-14569:
----------------------------------------
A quick attempt at reproducing didn't work for me. I took a few shortcuts -
used an embedded ZK, turned on auth with "bin/solr auth enable", used my own
solrconfig, etc, so maybe that's the problem. Trying a more faithful
reproduction now.
That said, I also tried out your attached unit test. It does fail with a 401,
but I think there's a bug in the test. As written, your test case calls
{{.setBasicAuthCredentials("reader", "reader")}} on the query it makes, but the
way the security.json is set up, the correct password is "solr" for both the
"reader" and the "solr" users. When I corrected that call to
setBasicAuthCredentials, the test started passing for me.
Including the updated snippet here:
{code}
@Test
public void aliasTest() throws Exception {
try (Http2SolrClient client = new
Http2SolrClient.Builder(cluster.getJettySolrRunner(0).getBaseUrl().toString())
.build()){
// Query fails for alias
for (int i = 0; i < 30; i++) {
SolrRequest request = new QueryRequest(params("q",
"*:*")).setBasicAuthCredentials("reader", "solr");
SolrResponse response = request.process(client, ALIAS);
assertNotNull(response);
assertNotNull(response.getResponse());
assertNotNull(response.getResponse().get("response"));
}
}
}
{code}
> HTTP 401 when searching on alias in secured Solr
> ------------------------------------------------
>
> Key: SOLR-14569
> URL: https://issues.apache.org/jira/browse/SOLR-14569
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: master (9.0), 8.5
> Environment: Unit test on master branch (9x) built on Windows 10 with
> Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
> Reporter: Isabelle Giguere
> Priority: Major
> Attachments: SOLR-14569.patch, security.json, solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr
> with security.json.
> Searching on a single collection returns the expected results, but searching
> on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created
> using the _default configuration.*
> The attached patch includes a unit test that reproduces the issue.
> *Patch applies on master branch (9x)*: Do not include in the regular build !
> The test is failing to illustrate this issue.
> The unit test is added to the test class that was originally part of the
> patch to fix SOLR-13510.
> I also attach:
> - our product-specific Solr configuration, modified to remove irrelevant
> plugins and fields
> - security.json with user 'admin' (pwd 'admin')
> -- Note that forwardCredentials true or false does not modify the behavior
> To test with this configuration:
> - Download and unzip Solr 8.5.0
> - Modify ./bin/solr.in.sh :
> -- ZK_HOST (optional)
> -- SOLR_AUTH_TYPE="basic"
> -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
> - Upload security.json into Zookeeper
> -- ./bin/solr zk cp file:/path/to/security.json
> zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
> - Start Solr in cloud mode
> -- ./bin/solr -c
> - Upload the provided configuration
> - ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d
> /path/to/folder/conf/
> - Create 2 collections using the uploaded configuration
> -- test1, test2
> - Create an alias grouping the 2 collections
> -- test = test1, test2
> - Query (/select?q=\*:\*) one collection
> -- results in successful Solr response
> - Query the alias (/select?q=\*:\*)
> -- results in HTTP 401
> There is no need to add documents to observe the issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
