Hi Anshum,
I encounter the same problem after I config my security.json like this:
{ "authentication":{
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{"solr":"admin"},
"permissions":[
{ "name":"security-edit",
"role":"admin"},
{ "name":"read",
"role":"admin"},
{ "name":"update",
"role":"admin"}],
"":{"v":3}}}
I just want to restrict strangers to do select/create/update operations on my
collections and configs like schema.xml or other things related to solr itself
from both Admin UI and sorj. But it is useless and error occurs like this:
ERROR (RecoveryThread-gettingstarted_shard2_replica2) [c:gettingstarted
s:shard2 r:core_node2 x:gettingstarted_shard2_replica2]
o.a.s.c.RecoveryStrategy Error while trying to
recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
Error from server at http://(myhost):7574/solr/gettingstarted_shard2_replica1:
Expected mime type application/octet-stream but got text/html.
Error 401 Unauthorized request, Response code: 401
HTTP ERROR 401
Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
Unauthorized request, Response code:
401Powered by Jetty://
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:528)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:234)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:226)
at
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
at
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
at
org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:207)
at
org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
Error while trying to
recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
Error from server at http://(myhost):7574/solr/gettingstarted_shard2_replica1:
Expected mime type application/octet-stream but got text/html.
Kind regards
Byzen Ma
At 2015-11-19 13:46:08, "Anshum Gupta" wrote:
>Hi Craig,
>
>Just to be sure that you're using the feature as it should be used, can you
>outline what is it that you're trying to do here? There are a few things
>that aren't clear to me here, e.g. I see permissions for the /admin handler
>for a particular collection.
>
>What are the kind of permissions you're trying to set up.
>
>Solr uses it's internal PKI based mechanism for inter-shard communication
>and so you shouldn't really be hitting this. Can you check your logs and
>tell me if there are any other exceptions you see while bringing the node
>up etc. ? Something from PKI itself.
>
>About restricting the UI, there's another thread in parallel that's been
>discussing exactly that. The thing with the current UI implementation is
>that it bypasses all of this, primarily because most of that content is
>static. I am not saying we should be able to put it behind the
>authentication layer, but just that it's not currently supported through
>this plugin.
>
>On Wed, Nov 18, 2015 at 11:20 AM, Oakley, Craig (NIH/NLM/NCBI) [C] <
>craig.oak...@nih.gov> wrote:
>
>> Implementing security.json is breaking ADDREPLICA
>>
>> I have been able to reproduce this issue with minimal changes from an
>> out-of-the-box Zookeeper (3.4.6) and Solr (5.3.1): loading
>> configsets/basic_configs/conf into Zookeeper, creating the security.json
>> listed below, creating two nodes (one with a core named xmpl and one
>> without any core)- I can provide details if helpful.
>>
>> The security.json is as follows:
>>
>> {
>> "authentication":{
>> "class":"solr.BasicAuthPlugin",
>> "credentials":{
>> "solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
>> "solruser":"VgZX1TAMNHT2IJikoGdKtxQdXc+MbNwfqzf89YqcLEE=
>> 37pPWQ9v4gciIKHuTmFmN0Rv66rnlMOFEWfEy9qjJfY="},
>> "":{"v":9}},
>> "authorization":{
>> "class":"solr.RuleBasedAuthorizationPlugin",
>> "user-role":{
>> "solr":[
>> "admin",
>> "read",
>> "xmpladmin",
>> "xmplgen",
>> "xmplsel"],
>> "solruser":[
>> "read",
>> "xmplgen",
>> "xmplsel"]},
>> "permissions":[
>> {
>> "name":"security-edit",
>> "role":"admin"},
>> {
>> "name":"xmpl_admin",
>> "collection":"xmpl",
>> "path":"/admin/*",
>> "role":"xmpladmin"},
>> {
>> "name":"xmpl_sel",