Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13566

REINDEXCOLLECTION does not work with (basic) authentication

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.1.1
    • 8.2
    • None
    • None


      I'm on the Solr 8.1 branch off commit f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication fixes from SOLR-13510 (intermittent 401s for internode requests)
      When trying to use the new REINDEXCOLLECTION command introduced in SOLR-11127 with basic auth enabled, the daemon stream fails with repeated 401s when trying to access the target collection.
      This might be the same problem as SOLR-13472, except it applies even with a single node, and this doesn't require role based configuration.
      Repro: I added a reindex request in BasicAuthIntegrationTest and it is reproducible in there... I don't know what effect it should have on the auth metrics, if it were working correctly, so I don't know how to update the test properly. But you can add the request towards the end of org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
            CollectionAdminRequest.ReindexCollection reindexReq = CollectionAdminRequest.reindexCollection(COLLECTION);
            reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool");
            cluster.getSolrClient().request(reindexReq, COLLECTION);
      Manual Repro:
      run bin/solr -e cloud
      Choose 1 node / 1 shard / 1 replica
      In browser GET http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted will succeed
      Enable security: server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile /security.json <path to file with this>
          "authentication": {
              "blockUnknown": true,
              "class": "solr.BasicAuthPlugin",

      {             "solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME= /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws="         }

      In browser authenticate (as solradmin : solradmin) and GET http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted will time out after 180 seconds
      The solr log will show repeated 401s
      Setting "forwardCredentials" : true in the security.json does not appear to change the outcome.
      The daemon stream should probably be using PKI auth for the internal request.


        1. responses.txt
          6 kB
          Colvin Cowie
        2. security.json
          0.3 kB
          Colvin Cowie
        3. solr.log
          626 kB
          Colvin Cowie
        4. SOLR-13566.patch
          6 kB
          Colvin Cowie
        5. SOLR-13566.patch
          6 kB
          Colvin Cowie
        6. SOLR-13566.patch
          2 kB
          Colvin Cowie

        Issue Links


          This comment will be Viewable by All Users Viewable by All Users


            ab Andrzej Bialecki
            cjcowie Colvin Cowie
            0 Vote for this issue
            3 Start watching this issue




                Issue deployment