[SOLR-14569] Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 8.5
Fix Version/s: 9.0, 8.11.2
Component/s: Authentication
Labels:
None
Environment:

Unit test on master branch (9x) built on Windows 10 with Java 11
Solr 8.5.0 instance running on CentOS 7.7 with Java 11

Description

The issue was first noticed on an instance of Solr 8.5.0, after securing Solr with security.json.

Searching on a single collection returns the expected results, but searching on an alias returns HTTP 401.

Note that this issue is not reproduced when the collections are created using the _default configuration.
Update: Fast-forward to this comment for the reason why: https://issues.apache.org/jira/browse/SOLR-14569?focusedCommentId=17136195&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17136195

The attached patch includes a unit test to query on an alias. Fixed and updated as per gerlowskija' comments
Patch applies on master branch (9x).
The unit test is added to the test class that was originally part of the patch to fix ~~SOLR-13510~~.
Update: Unit tests fail if sharHandlerFactory is added to the requestHandler in configset cloud-minimal

I also attach:

our product-specific Solr configuration, modified to remove irrelevant plugins and fields
security.json with user 'admin' (pwd 'admin')
- Note that forwardCredentials true or false does not modify the behavior

To test with attached configuration solr_conf.zip or updated_solr_conf.zip:

Download and unzip Solr 8.5.0
Modify ./bin/solr.in.sh :
- ZK_HOST (optional)
- SOLR_AUTH_TYPE="basic"
- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
Upload security.json into Zookeeper
- ./bin/solr zk cp file:/path/to/security.json zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
Start Solr in cloud mode
- ./bin/solr -c
Upload the provided configuration
./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d /path/to/folder/conf/
Create 2 collections using the uploaded configuration
- test1, test2
Create an alias grouping the 2 collections
- test = test1, test2
Query (/select?q=:) one collection
- results in successful Solr response
Query the alias (/select?q=:)
- results in HTTP 401

There is no need to add documents to observe the issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-14569.patch
14/Jun/20 21:07
4 kB
Isabelle Giguere
security.json
14/Jun/20 21:08
0.4 kB
Isabelle Giguere
solr_conf.zip
14/Jun/20 21:08
27 kB
Isabelle Giguere
security.json
15/Jun/20 17:28
0.4 kB
Isabelle Giguere
SOLR-14569.patch
15/Jun/20 18:25
4 kB
Isabelle Giguere
updated_solr_conf.zip
15/Jun/20 21:18
27 kB
Isabelle Giguere
solr.log
15/Jun/20 21:18
817 kB
Isabelle Giguere
curl_requests-responses.txt
15/Jun/20 21:26
2 kB
Isabelle Giguere
SOLR-14569.patch
02/Jul/20 19:39
15 kB
Isabelle Giguere
SOLR-14569-mrm.patch
20/Dec/21 21:17
19 kB
Mark Robert Miller

Issue Links

relates to

SOLR-13510 Intermittent 401's for internode requests with basicauth enabled

Closed

links to

GitHub Pull Request #574

Activity

People

Assignee:: Mark Robert Miller

Reporter:: Isabelle Giguere

Votes:: 3 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 14/Jun/20 21:00

Updated:: 21/May/22 15:04

Resolved:: 08/Feb/22 20:54

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h