Samir Huremovic created SOLR-15235:
--------------------------------------

             Summary: Distributed search with index sharding is not working with basic authentication plugin enabled
                 Key: SOLR-15235
                 URL: https://issues.apache.org/jira/browse/SOLR-15235
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication
    Affects Versions: 8.8.1, 8.7
         Environment: Arch Linux, zulu JDK 11, Solr 8.8.1
            Reporter: Samir Huremovic


Steps to reproduce (from https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html)
1. Create two local servers and index two files as described in the docs.
2. Check that search is working as described in the docs.
3. Stop the instances.
4. Add {{security.json}} for both nodes with configuration for auth plugin, for example
{{
{
"authentication":{
   "blockUnknown": true,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
   "realm":"My Solr users",
   "forwardCredentials": false
}}
}}
5. Add both nodes to the {{shardsWhitelist}} in both nodes' {{solr.xml}}, e.g. {{example/nodes/node1/solr.xml}}:
{{
  <shardHandlerFactory name="shardHandlerFactory"
    class="HttpShardHandlerFactory">
    <int name="socketTimeout">${socketTimeout:600000}</int>
    <int name="connTimeout">${connTimeout:60000}</int>
    <str name="shardsWhitelist">localhost:8984,localhost:8985</str>
  </shardHandlerFactory>
}}
6. Start both nodes again.
7. Try searching on a single node, should work: {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&wt=xml&indent=true"}}
8. Try distributed search on both nodes, should not work anymore: {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"}}

Error:
{{
❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml";
<?xml version="1.0" encoding="UTF-8"?>
<response>

<lst name="responseHeader">
  <int name="status">401</int>
  <int name="QTime">173</int>
  <lst name="params">
    <str name="q">*:*</str>
    <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
    <str name="indent">true</str>
    <str name="fl">id,name</str>
    <str name="wt">xml</str>
  </lst>
</lst>
<lst name="error">
  <lst name="metadata">
    <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
    <str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
  </lst>
  <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. &lt;html&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html;charset=utf-8"/&gt;
&lt;title&gt;Error 401 require authentication&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;&lt;h2&gt;HTTP ERROR 401 require authentication&lt;/h2&gt;
&lt;table&gt;
&lt;tr&gt;&lt;th&gt;URI:&lt;/th&gt;&lt;td&gt;/solr/core1/select&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;th&gt;STATUS:&lt;/th&gt;&lt;td&gt;401&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;th&gt;MESSAGE:&lt;/th&gt;&lt;td&gt;require authentication&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;th&gt;SERVLET:&lt;/th&gt;&lt;td&gt;default&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;

&lt;/body&gt;
&lt;/html&gt;
</str>
  <int name="code">401</int>
</lst>
</response>
}}

Please adjust the priority if needed; for us this means we cannot use Solr with 
basic auth enabled, which means we cannot use it at all in cases where it is a 
requirement.

I have linked a related issue that seems to be similar. I have applied the 
patch from that issue to 8.8.1 and it did not help in my case, therefore I 
think it is not the exact same issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
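
An added diagnostic, not part of the report or of Solr's code: it reads a response like the one quoted above and tells whether the 401 was returned to the caller directly or came back from a sub-request that the receiving node sent on to a shard. The function name `classify`, the abridged sample responses and the bare-HTML shape of a direct rejection are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, abridged from the response quoted in the report.
DISTRIBUTED_401 = """<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">401</int>
  <lst name="params">
    <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
  </lst>
</lst>
<lst name="error">
  <lst name="metadata">
    <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
  </lst>
  <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. &lt;html&gt;&lt;head&gt;&lt;title&gt;Error 401 require authentication&lt;/title&gt;&lt;/head&gt;&lt;/html&gt;</str>
  <int name="code">401</int>
</lst>
</response>"""
# Assumption: a request refused at the first hop comes back as a bare HTML error page.
DIRECT_401 = "<html><head><title>Error 401 require authentication</title></head></html>"

TITLE = re.compile(r"<title>(.*?)</title>", re.S)

def _title(text):
    m = TITLE.search(text or "")
    return m.group(1).strip() if m else ""

def classify(body):
    """Return which hop rejected the request: client-request, shard-subrequest, other or none."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        root = None
    if root is None or root.tag != "response":
        # Not a Solr response document: the node refused the caller's own request.
        return {"origin": "client-request", "detail": _title(body), "shards": []}
    header = "lst[@name='responseHeader']/"
    status = int(root.findtext(header + "int[@name='status']", "0"))
    shards = root.findtext(header + "lst[@name='params']/str[@name='shards']", "")
    shards = [s for s in shards.split(",") if s]
    if status == 0:
        return {"origin": "none", "detail": "", "shards": shards}
    err_class = root.findtext("lst[@name='error']/lst[@name='metadata']/str[@name='error-class']", "")
    msg = root.findtext("lst[@name='error']/str[@name='msg']", "")
    # A Solr-formatted error carrying the SolrJ client's RemoteSolrException and an embedded
    # HTML 401 page means a request this node sent onward to a shard was refused.
    if status == 401 and err_class.endswith("RemoteSolrException") and "401" in _title(msg):
        return {"origin": "shard-subrequest", "detail": _title(msg), "shards": shards}
    return {"origin": "other", "detail": msg[:80], "shards": shards}
```

Because the quoted response says "Error from server at null", the refusing shard cannot be named from the response alone; `shards` lists the candidates taken from the request parameters.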
