[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[
https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Thacker resolved SOLR-8355.
-
Resolution: Fixed
> RuleBasedAuthenticationPlugin doesn't work with update permission enabled
> -
>
> Key: SOLR-8355
> URL: https://issues.apache.org/jira/browse/SOLR-8355
> Project: Solr
> Issue Type: Bug
> Components: security
>Affects Versions: 5.3, 5.3.1
>Reporter: Anshum Gupta
>Assignee: Anshum Gupta
>Priority: Blocker
> Labels: BasicAuth, authorization-plugin
> Fix For: 6.0, 5.4, 5.3.2
>
> Attachments: SOLR-8355.patch
>
>
> Here are the steps that recreate this issue. I tried this on Solr 5.4 and I
> had the following stack trace when I issued an ADDREPLICA. This seems pretty
> similar to what we saw on SOLR-8326 so it might be just something we missed
> but we should make sure that we ship 5.4 with this fixed.
> #Upload Security Conf
> server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile
> /security.json ~/security.json
> #Start Solr
> bin/solr start -e cloud -z localhost:2181
> #Collection Admin Edit Command:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" :
> {"name":"collection-admin-edit", "role":"admin"}}'
> #Read User and permission:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"read",
> "role":"read"}}'
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"update",
> "role":"update"]}}'
> #Add Users
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}'
> #Update user
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}'
> #Set user roles
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" :
> {"solrupdate":["read","update"]}}'
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}'
> #Create collection
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json'
> #Add Replica
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json'
> Exception log:
> INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting
> Replication Recovery.
> INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to
> replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/.
> ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying
> to
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected
> mime type application/octet-stream but got text/html.
>
>
> Error 401 Unauthorized request, Response code: 401
>
> HTTP ERROR 401
> Problem accessing /solr/a_shard1_replica1/update. Reason:
> Unauthorized request, Response code:
> 401Powered by Jetty://
>
>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167)
> at
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205)
> at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145)
> at
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436)
> at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225)
> INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered
> updates FSUpdateLog{state=BUFFERING, tlog=null}
> ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2]
[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[
https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anshum Gupta resolved SOLR-8355.
Resolution: Fixed
> RuleBasedAuthenticationPlugin doesn't work with update permission enabled
> -
>
> Key: SOLR-8355
> URL: https://issues.apache.org/jira/browse/SOLR-8355
> Project: Solr
> Issue Type: Bug
> Components: security
>Affects Versions: 5.3, 5.3.1
>Reporter: Anshum Gupta
>Assignee: Anshum Gupta
>Priority: Blocker
> Labels: authorization-plugin
> Fix For: 5.3.2, Trunk, 5.4
>
> Attachments: SOLR-8355.patch
>
>
> Here are the steps that recreate this issue. I tried this on Solr 5.4 and I
> had the following stack trace when I issued an ADDREPLICA. This seems pretty
> similar to what we saw on SOLR-8326 so it might be just something we missed
> but we should make sure that we ship 5.4 with this fixed.
> #Upload Security Conf
> server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile
> /security.json ~/security.json
> #Start Solr
> bin/solr start -e cloud -z localhost:2181
> #Collection Admin Edit Command:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" :
> {"name":"collection-admin-edit", "role":"admin"}}'
> #Read User and permission:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"read",
> "role":"read"}}'
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"update",
> "role":"update"]}}'
> #Add Users
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}'
> #Update user
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}'
> #Set user roles
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" :
> {"solrupdate":["read","update"]}}'
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}'
> #Create collection
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json'
> #Add Replica
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json'
> Exception log:
> INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting
> Replication Recovery.
> INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to
> replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/.
> ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying
> to
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected
> mime type application/octet-stream but got text/html.
>
>
> Error 401 Unauthorized request, Response code: 401
>
> HTTP ERROR 401
> Problem accessing /solr/a_shard1_replica1/update. Reason:
> Unauthorized request, Response code:
> 401Powered by Jetty://
>
>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167)
> at
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205)
> at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145)
> at
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436)
> at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225)
> INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered
> updates FSUpdateLog{state=BUFFERING, tlog=null}
> ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2]
[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[
https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul resolved SOLR-8355.
--
Resolution: Fixed
Fix Version/s: Trunk
> RuleBasedAuthenticationPlugin doesn't work with update permission enabled
> -
>
> Key: SOLR-8355
> URL: https://issues.apache.org/jira/browse/SOLR-8355
> Project: Solr
> Issue Type: Bug
> Components: security
>Affects Versions: 5.3, 5.3.1
>Reporter: Anshum Gupta
>Assignee: Noble Paul
>Priority: Blocker
> Labels: authorization-plugin
> Fix For: 5.4, Trunk
>
> Attachments: SOLR-8355.patch
>
>
> Here are the steps that recreate this issue. I tried this on Solr 5.4 and I
> had the following stack trace when I issued an ADDREPLICA. This seems pretty
> similar to what we saw on SOLR-8326 so it might be just something we missed
> but we should make sure that we ship 5.4 with this fixed.
> #Upload Security Conf
> server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile
> /security.json ~/security.json
> #Start Solr
> bin/solr start -e cloud -z localhost:2181
> #Collection Admin Edit Command:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" :
> {"name":"collection-admin-edit", "role":"admin"}}'
> #Read User and permission:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"read",
> "role":"read"}}'
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-permission" : {"name":"update",
> "role":"update"]}}'
> #Add Users
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}'
> #Update user
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H
> 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}'
> #Set user roles
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" :
> {"solrupdate":["read","update"]}}'
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H
> 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}'
> #Create collection
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json'
> #Add Replica
> curl --user solr:SolrRocks
> 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json'
> Exception log:
> INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting
> Replication Recovery.
> INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to
> replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/.
> ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying
> to
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected
> mime type application/octet-stream but got text/html.
>
>
> Error 401 Unauthorized request, Response code: 401
>
> HTTP ERROR 401
> Problem accessing /solr/a_shard1_replica1/update. Reason:
> Unauthorized request, Response code:
> 401Powered by Jetty://
>
>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167)
> at
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205)
> at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145)
> at
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436)
> at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225)
> INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
> x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered
> updates FSUpdateLog{state=BUFFERING, tlog=null}
> ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2
>
