Re:Re: Implementing security.json is breaking ADDREPLICA

2015-11-19 Thread 
Hi Anshum,
I encounter the same problem after I config my security.json like this:
{ "authentication":{
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= 
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},
  "authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{"solr":"admin"},
"permissions":[
  { "name":"security-edit",
"role":"admin"},
  { "name":"read",
"role":"admin"},
  { "name":"update",
"role":"admin"}],
"":{"v":3}}}


I just want to restrict strangers to do select/create/update operations on my 
collections and configs like schema.xml or other things related to solr itself 
from both Admin UI and sorj. But it is useless and error occurs like this:
ERROR (RecoveryThread-gettingstarted_shard2_replica2) [c:gettingstarted 
s:shard2 r:core_node2 x:gettingstarted_shard2_replica2] 
o.a.s.c.RecoveryStrategy Error while trying to 
recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: 
Error from server at http://(myhost):7574/solr/gettingstarted_shard2_replica1: 
Expected mime type application/octet-stream but got text/html. 


Error 401 Unauthorized request, Response code: 401

HTTP ERROR 401
Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
Unauthorized request, Response code: 
401Powered by Jetty://


 at 
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:528)
 at 
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:234)
 at 
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:226)
 at 
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
 at 
org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
 at 
org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:207)
 at 
org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
 at 
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
 at 
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
Error while trying to 
recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: 
Error from server at http://(myhost):7574/solr/gettingstarted_shard2_replica1: 
Expected mime type application/octet-stream but got text/html. 


Kind regards
Byzen Ma





At 2015-11-19 13:46:08, "Anshum Gupta"  wrote:
>Hi Craig,
>
>Just to be sure that you're using the feature as it should be used, can you
>outline what is it that you're trying to do here? There are a few things
>that aren't clear to me here, e.g. I see permissions for the /admin handler
>for a particular collection.
>
>What are the kind of permissions you're trying to set up.
>
>Solr uses it's internal PKI based mechanism for inter-shard communication
>and so you shouldn't really be hitting this. Can you check your logs and
>tell me if there are any other exceptions you see while bringing the node
>up etc. ? Something from PKI itself.
>
>About restricting the UI, there's another thread in parallel that's been
>discussing exactly that. The thing with the current UI implementation is
>that it bypasses all of this, primarily because most of that content is
>static. I am not saying we should be able to put it behind the
>authentication layer, but just that it's not currently supported through
>this plugin.
>
>On Wed, Nov 18, 2015 at 11:20 AM, Oakley, Craig (NIH/NLM/NCBI) [C] <
>craig.oak...@nih.gov> wrote:
>
>> Implementing security.json is breaking ADDREPLICA
>>
>> I have been able to reproduce this issue with minimal changes from an
>> out-of-the-box Zookeeper (3.4.6) and Solr (5.3.1): loading
>> configsets/basic_configs/conf into Zookeeper, creating the security.json
>> listed below, creating two nodes (one with a core named xmpl and one
>> without any core)- I can provide details if helpful.
>>
>> The security.json is as follows:
>>
>> {
>>   "authentication":{
>> "class":"solr.BasicAuthPlugin",
>> "credentials":{
>>   "solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
>>   "solruser":"VgZX1TAMNHT2IJikoGdKtxQdXc+MbNwfqzf89YqcLEE=
>> 37pPWQ9v4gciIKHuTmFmN0Rv66rnlMOFEWfEy9qjJfY="},
>> "":{"v":9}},
>>   "authorization":{
>> "class":"solr.RuleBasedAuthorizationPlugin",
>> "user-role":{
>>   "solr":[
>> "admin",
>> "read",
>> "xmpladmin",
>> "xmplgen",
>> "xmplsel"],
>>   "solruser":[
>> "read",
>> "xmplgen",
>> "xmplsel"]},
>> "permissions":[
>>   {
>> "name":"security-edit",
>> "role":"admin"},
>>   {
>> "name":"xmpl_admin",
>> "collection":"xmpl",
>> "path":"/admin/*",
>> "role":"xmpladmin"},
>>   {
>> "name":"xmpl_sel",

Synchronization Problems

2015-11-18 Thread 
Hi, I have encountered some problems with solr-5.3.1. After I initialized the 
solrcloud and set up BasicAuthPlugin and RuleBasedAuthorizationPlugin, 
something wrong happened to my solrcloud. I can't Synchronization as usual. The 
server log as follows:
master log
Invalid key PKIAuthenticationPlugin
silver log
Error while trying to 
recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: 
Error from server at http://172.16.200.35:8983/solr/t: Expected MIME type 
application/octet-stream but got text/html.  RecoveryStrategy


What can I do next?


Thanks,
Regards

Security Problems

2015-11-09 Thread 
Hi,

After I configure Authentication with Basic Authentication Plugin and 
Authorization with Rule-Based Authorization Plugin, How can I prevent the 
strangers from visiting my solr by browser? For example, if the stranger visit 
the http://(my host):8983, the browser will pop up a window and says "the 
server http://(my host):8983 requires a username and password"