[
https://issues.apache.org/jira/browse/SOLR-16197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
pgnd updated SOLR-16197:
------------------------
Description:
on
{{ lsb_release -rd}}
{{ Description: Fedora release 36 (Thirty Six)}}
{{ Release: 36}}{{ java -version}}
{{ Picked up JAVA_TOOL_OPTIONS: -Xmx512M}}
{{ openjdk version "18.0.1" 2022-04-19}}
{{ OpenJDK Runtime Environment 22.3 (build 18.0.1+10)}}
{{ OpenJDK 64-Bit Server VM 22.3 (build 18.0.1+10, mixed mode, sharing)}}
{{i've clean-installed solr 9.0.0}}
{{ sudo -u solr /srv/webapps/solr/solr/bin/solr version}}
{{ 9.0.0}}
it's up/running
{{ systemctl status solr}}
{{ ● solr.service - LSB: Controls Apache Solr as a Service}}
{{ Loaded: loaded (/etc/rc.d/init.d/solr; generated)}}
{{ Active: active (exited) since Fri 2022-05-13 06:22:40 EDT; 2min 54s
ago}}
{{ Docs: man:systemd-sysv-generator(8)}}
{{ Process: 56877 ExecStart=/etc/rc.d/init.d/solr start (code=exited,
status=0/SUCCESS)}}
{{ CPU: 43ms}}
with no user/auth security,
ls -al /data/solr/data/security.json
ls: cannot access '/data/solr/data/security.json': No such file or
directory
nav to & admin @,
https:///solr.example.com:8983/solr
works as expected.
deploying user BasicAuth security
https://solr.apache.org/guide/solr/latest/deployment-guide/basic-authentication-plugin.html
with
MY_USER_PASS="aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
MY_USER_HASH=$( echo -n $MY_USER_PASS | shasum -a 256 | awk '\{print $1}' |
tr -d ' ')
echo $MY_USER_HASH
79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832
and
egrep "Dbasicauth|SOLR_LOG_LEVEL" /etc/default/solr.in.sh
SOLR_LOG_LEVEL=DEBUG
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=testuser:aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
and
cat /data/solr/data/security.json
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":\{"testuser":"79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832"},
"realm":"MyRealm Solr",
"forwardCredentials": false
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[{"name":"security-edit",
"role":"admin"}],
"user-role":\{"solr":"admin"}
}}
nav to:
https:///solr.example.com:8983/solr
returns the expected
Basic Authentication
form.
entering credentials
username: testuser
password: aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22
fails with
Basic Authentication
Unauthorized
Solr requires authentication for resource Dashboard.
Please log in with your username and password for realm MyRealm Solr.
and DEBUG logs,
--> https://pastebin.com/raw/aHVCgGKF
there, this looks possibly suspect,
...
2022-05-13 06:33:00.651 DEBUG (qtp1777443462-23) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@3acaf4f, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.656 DEBUG (qtp1777443462-22) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@540dbd19, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.660 DEBUG (qtp1777443462-23) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
2022-05-13 06:33:00.650 DEBUG (qtp1777443462-20) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@7e6b57df, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.661 DEBUG (qtp1777443462-20) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
2022-05-13 06:33:00.662 DEBUG (qtp1777443462-20) []
o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
'x' to prevent browser basic auth popup
?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
'x' to prevent browser basic auth popup
2022-05-13 06:33:00.667 DEBUG (qtp1777443462-22) []
o.e.j.s.HttpChannelState sendError HttpChannelState@191ce1ad\{s=HANDLING
rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0}
...
dropping back to solr 8x, i've no issues with basicauth.
is my config wrong for 9x? known issue? other?
was:
on
```
lsb_release -rd
Description: Fedora release 36 (Thirty Six)
Release: 36
java -version
Picked up JAVA_TOOL_OPTIONS: -Xmx512M
openjdk version "18.0.1" 2022-04-19
OpenJDK Runtime Environment 22.3 (build 18.0.1+10)
OpenJDK 64-Bit Server VM 22.3 (build 18.0.1+10, mixed mode, sharing)
```
i've clean-installed solr 9.0.0
sudo -u solr /srv/webapps/solr/solr/bin/solr version
9.0.0
it's up/running
systemctl status solr
● solr.service - LSB: Controls Apache Solr as a Service
Loaded: loaded (/etc/rc.d/init.d/solr; generated)
Active: active (exited) since Fri 2022-05-13 06:22:40 EDT; 2min 54s ago
Docs: man:systemd-sysv-generator(8)
Process: 56877 ExecStart=/etc/rc.d/init.d/solr start (code=exited,
status=0/SUCCESS)
CPU: 43ms
with no user/auth security,
ls -al /data/solr/data/security.json
ls: cannot access '/data/solr/data/security.json': No such file or
directory
nav to & admin @,
https:///solr.example.com:8983/solr
works as expected.
deploying user BasicAuth security
https://solr.apache.org/guide/solr/latest/deployment-guide/basic-authentication-plugin.html
with
MY_USER_PASS="aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
MY_USER_HASH=$( echo -n $MY_USER_PASS | shasum -a 256 | awk '{print $1}' |
tr -d ' ')
echo $MY_USER_HASH
79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832
and
egrep "Dbasicauth|SOLR_LOG_LEVEL" /etc/default/solr.in.sh
SOLR_LOG_LEVEL=DEBUG
SOLR_AUTHENTICATION_OPTS="-Dbasicauth=testuser:aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
and
cat /data/solr/data/security.json
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"testuser":"79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832"},
"realm":"MyRealm Solr",
"forwardCredentials": false
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[{"name":"security-edit",
"role":"admin"}],
"user-role":{"solr":"admin"}
}}
nav to:
https:///solr.example.com:8983/solr
returns the expected
Basic Authentication
form.
entering credentials
username: testuser
password: aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22
fails with
Basic Authentication
Unauthorized
Solr requires authentication for resource Dashboard.
Please log in with your username and password for realm MyRealm Solr.
and DEBUG logs,
--> https://pastebin.com/raw/aHVCgGKF
there, this looks possibly suspect,
...
2022-05-13 06:33:00.651 DEBUG (qtp1777443462-23) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@3acaf4f, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.656 DEBUG (qtp1777443462-22) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@540dbd19, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.660 DEBUG (qtp1777443462-23) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
2022-05-13 06:33:00.650 DEBUG (qtp1777443462-20) []
o.a.s.s.SolrDispatchFilter Request to authenticate:
org.apache.solr.servlet.ServletUtils$1@7e6b57df, domain: 10.1.1.27, port: 8983
2022-05-13 06:33:00.661 DEBUG (qtp1777443462-20) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
2022-05-13 06:33:00.662 DEBUG (qtp1777443462-20) []
o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
'x' to prevent browser basic auth popup
?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
'x' to prevent browser basic auth popup
2022-05-13 06:33:00.667 DEBUG (qtp1777443462-22) []
o.e.j.s.HttpChannelState sendError HttpChannelState@191ce1ad{s=HANDLING
rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0}
...
dropping back to solr 8x, i've no issues with basicauth.
> solr 8x -> 9.0.0 upgrade; BasicAuth security FAILs @ "o.a.s.s.BasicAuthPlugin
> Bad auth credentials supplied in Authorization header"
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-16197
> URL: https://issues.apache.org/jira/browse/SOLR-16197
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 9.0
> Reporter: pgnd
> Priority: Major
> Labels: BasicAuth, authentication, upgrade
>
> on
> {{ lsb_release -rd}}
> {{ Description: Fedora release 36 (Thirty Six)}}
> {{ Release: 36}}{{ java -version}}
> {{ Picked up JAVA_TOOL_OPTIONS: -Xmx512M}}
> {{ openjdk version "18.0.1" 2022-04-19}}
> {{ OpenJDK Runtime Environment 22.3 (build 18.0.1+10)}}
> {{ OpenJDK 64-Bit Server VM 22.3 (build 18.0.1+10, mixed mode,
> sharing)}}
>
> {{i've clean-installed solr 9.0.0}}
> {{ sudo -u solr /srv/webapps/solr/solr/bin/solr version}}
> {{ 9.0.0}}
> it's up/running
> {{ systemctl status solr}}
> {{ ● solr.service - LSB: Controls Apache Solr as a Service}}
> {{ Loaded: loaded (/etc/rc.d/init.d/solr; generated)}}
> {{ Active: active (exited) since Fri 2022-05-13 06:22:40 EDT; 2min
> 54s ago}}
> {{ Docs: man:systemd-sysv-generator(8)}}
> {{ Process: 56877 ExecStart=/etc/rc.d/init.d/solr start (code=exited,
> status=0/SUCCESS)}}
> {{ CPU: 43ms}}
> with no user/auth security,
> ls -al /data/solr/data/security.json
> ls: cannot access '/data/solr/data/security.json': No such file or
> directory
> nav to & admin @,
> https:///solr.example.com:8983/solr
> works as expected.
> deploying user BasicAuth security
>
> https://solr.apache.org/guide/solr/latest/deployment-guide/basic-authentication-plugin.html
> with
> MY_USER_PASS="aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
> MY_USER_HASH=$( echo -n $MY_USER_PASS | shasum -a 256 | awk '\{print $1}'
> | tr -d ' ')
> echo $MY_USER_HASH
> 79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832
> and
> egrep "Dbasicauth|SOLR_LOG_LEVEL" /etc/default/solr.in.sh
> SOLR_LOG_LEVEL=DEBUG
>
> SOLR_AUTHENTICATION_OPTS="-Dbasicauth=testuser:aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"
> and
> cat /data/solr/data/security.json
> {
> "authentication":{
> "blockUnknown": true,
> "class":"solr.BasicAuthPlugin",
>
> "credentials":\{"testuser":"79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832"},
> "realm":"MyRealm Solr",
> "forwardCredentials": false
> },
> "authorization":{
> "class":"solr.RuleBasedAuthorizationPlugin",
> "permissions":[{"name":"security-edit",
> "role":"admin"}],
> "user-role":\{"solr":"admin"}
> }}
> nav to:
> https:///solr.example.com:8983/solr
> returns the expected
> Basic Authentication
> form.
> entering credentials
> username: testuser
> password: aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22
> fails with
> Basic Authentication
> Unauthorized
> Solr requires authentication for resource Dashboard.
> Please log in with your username and password for realm MyRealm Solr.
> and DEBUG logs,
> --> https://pastebin.com/raw/aHVCgGKF
> there, this looks possibly suspect,
> ...
> 2022-05-13 06:33:00.651 DEBUG (qtp1777443462-23) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@3acaf4f, domain: 10.1.1.27, port: 8983
> 2022-05-13 06:33:00.656 DEBUG (qtp1777443462-22) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@540dbd19, domain: 10.1.1.27, port: 8983
> 2022-05-13 06:33:00.660 DEBUG (qtp1777443462-23) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
> 2022-05-13 06:33:00.650 DEBUG (qtp1777443462-20) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@7e6b57df, domain: 10.1.1.27, port: 8983
> 2022-05-13 06:33:00.661 DEBUG (qtp1777443462-20) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
> 2022-05-13 06:33:00.662 DEBUG (qtp1777443462-20) []
> o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
> 'x' to prevent browser basic auth popup
> ?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization header
> ?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
> o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
> 'x' to prevent browser basic auth popup
> 2022-05-13 06:33:00.667 DEBUG (qtp1777443462-22) []
> o.e.j.s.HttpChannelState sendError HttpChannelState@191ce1ad\{s=HANDLING
> rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0}
> ...
> dropping back to solr 8x, i've no issues with basicauth.
> is my config wrong for 9x? known issue? other?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
