Hi
I'm having trouble with setting up authentication. My security.json
looks like this:
{
"authentication":{
"class":"solr.BasicAuthPlugin",
"blockUnknown": false,
"credentials":{
"admin":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
"nagios":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
"smsc":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
}
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{
"admin":"role_admin",
"nagios":"role_monitoring",
"smsc":"role_smsc"
},
"permissions":[
{
"name":"all",
"role":"role_admin"
},
{
"name":"config-read",
"role":"role_monitoring"
},
{
"name":"read",
"role":"role_smsc"
},
{
"name":"update",
"role":"role_smsc"
}
]
}
}
When trying to login with for example check_solr_metrics.pl and the
nagios user the output is "CRITICAL: 403 Unauthorized request, Response
code: 403". Solr logging is showing these lines:
DEBUG - 2017-11-16 13:42:51.785; [c:smsc_lvs s:shard2 r:core_node1
x:smsc_lvs_shard2_replica1] org.apache.solr.servlet.SolrDispatchFilter;
Request to authenticate: Request(GET
//solr01:8983/solr/mydoc/admin/mbeans?stats=true&cat=UPDATE&key=%2Fupdate&omitHeader=off&wt=json&start=0&rows=3)@2722dc57,
domain: 10.1.1.42, port: 8983
DEBUG - 2017-11-16 13:42:51.786; [c:smsc_lvs s:shard2 r:core_node1
x:smsc_lvs_shard2_replica1] org.apache.solr.servlet.SolrDispatchFilter;
User principal: [principal: nagios]
DEBUG - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
PkiAuthenticationPlugin says authorization required : true
DEBUG - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
AuthorizationContext : userPrincipal: [[principal: nagios]] type:
[UNKNOWN], collections: [smsc_mydoc, smsc_mydoc,], Path: [/admin/mbeans]
path : /admin/mbeans params
:stats=true&omitHeader=off&cat=UPDATE&start=0&rows=3&wt=json&key=/update&collection=smsc_mydoc
INFO - 2017-11-16 13:42:51.786; [c:smsc_mydoc s:shard1 r:core_node2
x:smsc_mydoc_shard1_replica1]
org.apache.solr.security.RuleBasedAuthorizationPlugin; This resource is
configured to have a permission {
"name":"all",
"role":"role_admin"}, The principal [principal: nagios] does not have
the right role
INFO - 2017-11-16 13:42:51.787; [c:smsc_mydoc s:shard1 r:core_node2
x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
USER_REQUIRED auth header Basic bmFnaW9zOlNvbHJSb2Nrcw== context :
userPrincipal: [[principal: nagios]] type: [UNKNOWN], collections:
[smsc_mydoc, smsc_mydoc,], Path: [/admin/mbeans] path : /admin/mbeans
params
:stats=true&omitHeader=off&cat=UPDATE&start=0&rows=3&wt=json&key=/update&collection=smsc_mydoc
DEBUG - 2017-11-16 13:42:51.787; [c:smsc_mydoc s:shard1 r:core_node2
x:smsc_mydoc_shard1_replica1] org.apache.solr.servlet.HttpSolrCall;
Closing out SolrRequest:
{stats=true&omitHeader=off&cat=UPDATE&start=0&rows=3&wt=json&key=/update&collection=smsc_mydoc}
Anybody an idea what I'm doing wrong here?
Thx!
Arkadi