Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13510

Intermittent 401's for internode requests with basicauth enabled

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: main (9.0)
    • Fix Version/s: 8.1.2, 8.2, main (9.0)
    • Component/s: Authentication
    • Labels:


      We recently got a bug report on the mailing list:

      On Solr 8.1.1, using our previously working security.json, running queries
      (through the admin UI currently) I non-deterministically get 401 responses
      on queries when a collection has more than 1 shard. Increasing the number
      of shards in the collection makes the errors more likely.



      "msg":"Error from server at null: Expected mime type
      application/octet-stream but got text/html. <html>\n<head>\n<meta
      content=\"text/html;charset=utf-8\"/>\n<title>Error 401 require
      authentication</title>\n</head>\n<body><h2>HTTP ERROR 401</h2>\n<p>Problem
      accessing /solr/gettingstarted_shard4_replica_n6/select. Reason:\n<pre>
      require authentication</pre></p>\n</body>\n</html>\n",

      The reporter (credit to Colvin Cowie) also gives reproduction steps:

      1. Extract solr 8.1.1.
      2. bin\solr start -e cloud
        1 node / [default port] / [default collection name] / 4 shards / 1
        replica / [_default configuration]
      3. server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile
        /security.json <path-to-security-json-file-with-content-below>

      "authentication": {
      "blockUnknown": true,
      "class": "solr.BasicAuthPlugin",

      Unknown macro: { "solradmin"}

      "authorization": {
      "class": "solr.RuleBasedAuthorizationPlugin",
      "permissions": [

      Unknown macro: { "name"}


      Unknown macro: {"solradmin"}


      (Minor edits for conciseness)

      I'm able to reproduce this bug as well. Other auth issues (SOLR-13472) look like they're impacted by the topography of the collection and cluster. But this doesn't seem affected by that at all (401's occur on inter-node requests regardless of the recipient of the initial request, and even when all nodes have a shard replica).


        Issue Links



            • Assignee:
              caomanhdat Cao Manh Dat
              gerlowskija Jason Gerlowski


              • Created:

                Issue deployment