[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[ https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Thacker resolved SOLR-8355. - Resolution: Fixed > RuleBasedAuthenticationPlugin doesn't work with update permission enabled > - > > Key: SOLR-8355 > URL: https://issues.apache.org/jira/browse/SOLR-8355 > Project: Solr > Issue Type: Bug > Components: security >Affects Versions: 5.3, 5.3.1 >Reporter: Anshum Gupta >Assignee: Anshum Gupta >Priority: Blocker > Labels: BasicAuth, authorization-plugin > Fix For: 6.0, 5.4, 5.3.2 > > Attachments: SOLR-8355.patch > > > Here are the steps that recreate this issue. I tried this on Solr 5.4 and I > had the following stack trace when I issued an ADDREPLICA. This seems pretty > similar to what we saw on SOLR-8326 so it might be just something we missed > but we should make sure that we ship 5.4 with this fixed. > #Upload Security Conf > server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile > /security.json ~/security.json > #Start Solr > bin/solr start -e cloud -z localhost:2181 > #Collection Admin Edit Command: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : > {"name":"collection-admin-edit", "role":"admin"}}' > #Read User and permission: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"read", > "role":"read"}}' > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"update", > "role":"update"]}}' > #Add Users > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}' > #Update user > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}' > #Set user roles > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : > {"solrupdate":["read","update"]}}' > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}' > #Create collection > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json' > #Add Replica > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json' > Exception log: > INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting > Replication Recovery. > INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to > replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/. > ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying > to > recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected > mime type application/octet-stream but got text/html. > > > Error 401 Unauthorized request, Response code: 401 > > HTTP ERROR 401 > Problem accessing /solr/a_shard1_replica1/update. Reason: > Unauthorized request, Response code: > 401Powered by Jetty:// > > > at > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167) > at > org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205) > at > org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145) > at > org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436) > at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225) > INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered > updates FSUpdateLog{state=BUFFERING, tlog=null} > ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2]
[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[ https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anshum Gupta resolved SOLR-8355. Resolution: Fixed > RuleBasedAuthenticationPlugin doesn't work with update permission enabled > - > > Key: SOLR-8355 > URL: https://issues.apache.org/jira/browse/SOLR-8355 > Project: Solr > Issue Type: Bug > Components: security >Affects Versions: 5.3, 5.3.1 >Reporter: Anshum Gupta >Assignee: Anshum Gupta >Priority: Blocker > Labels: authorization-plugin > Fix For: 5.3.2, Trunk, 5.4 > > Attachments: SOLR-8355.patch > > > Here are the steps that recreate this issue. I tried this on Solr 5.4 and I > had the following stack trace when I issued an ADDREPLICA. This seems pretty > similar to what we saw on SOLR-8326 so it might be just something we missed > but we should make sure that we ship 5.4 with this fixed. > #Upload Security Conf > server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile > /security.json ~/security.json > #Start Solr > bin/solr start -e cloud -z localhost:2181 > #Collection Admin Edit Command: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : > {"name":"collection-admin-edit", "role":"admin"}}' > #Read User and permission: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"read", > "role":"read"}}' > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"update", > "role":"update"]}}' > #Add Users > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}' > #Update user > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}' > #Set user roles > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : > {"solrupdate":["read","update"]}}' > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}' > #Create collection > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json' > #Add Replica > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json' > Exception log: > INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting > Replication Recovery. > INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to > replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/. > ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying > to > recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected > mime type application/octet-stream but got text/html. > > > Error 401 Unauthorized request, Response code: 401 > > HTTP ERROR 401 > Problem accessing /solr/a_shard1_replica1/update. Reason: > Unauthorized request, Response code: > 401Powered by Jetty:// > > > at > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167) > at > org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205) > at > org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145) > at > org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436) > at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225) > INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered > updates FSUpdateLog{state=BUFFERING, tlog=null} > ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2]
[jira] [Resolved] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
[ https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Noble Paul resolved SOLR-8355. -- Resolution: Fixed Fix Version/s: Trunk > RuleBasedAuthenticationPlugin doesn't work with update permission enabled > - > > Key: SOLR-8355 > URL: https://issues.apache.org/jira/browse/SOLR-8355 > Project: Solr > Issue Type: Bug > Components: security >Affects Versions: 5.3, 5.3.1 >Reporter: Anshum Gupta >Assignee: Noble Paul >Priority: Blocker > Labels: authorization-plugin > Fix For: 5.4, Trunk > > Attachments: SOLR-8355.patch > > > Here are the steps that recreate this issue. I tried this on Solr 5.4 and I > had the following stack trace when I issued an ADDREPLICA. This seems pretty > similar to what we saw on SOLR-8326 so it might be just something we missed > but we should make sure that we ship 5.4 with this fixed. > #Upload Security Conf > server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile > /security.json ~/security.json > #Start Solr > bin/solr start -e cloud -z localhost:2181 > #Collection Admin Edit Command: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : > {"name":"collection-admin-edit", "role":"admin"}}' > #Read User and permission: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"read", > "role":"read"}}' > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-permission" : {"name":"update", > "role":"update"]}}' > #Add Users > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}' > #Update user > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}' > #Set user roles > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : > {"solrupdate":["read","update"]}}' > #Read User > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H > 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}' > #Create collection > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=CREATE=a=1=1=gettingstarted=json' > #Add Replica > curl --user solr:SolrRocks > 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA=a=shard1=json' > Exception log: > INFO - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting > Replication Recovery. > INFO - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to > replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/. > ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying > to > recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: > Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected > mime type application/octet-stream but got text/html. > > > Error 401 Unauthorized request, Response code: 401 > > HTTP ERROR 401 > Problem accessing /solr/a_shard1_replica1/update. Reason: > Unauthorized request, Response code: > 401Powered by Jetty:// > > > at > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167) > at > org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205) > at > org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145) > at > org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436) > at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225) > INFO - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 > x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered > updates FSUpdateLog{state=BUFFERING, tlog=null} > ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 >