Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14569

Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 8.5, main (9.0)
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:

      Unit test on master branch (9x) built on Windows 10 with Java 11
      Solr 8.5.0 instance running on CentOS 7.7 with Java 11

      Description

      The issue was first noticed on an instance of Solr 8.5.0, after securing Solr with security.json.

      Searching on a single collection returns the expected results, but searching on an alias returns HTTP 401.

      Note that this issue is not reproduced when the collections are created using the _default configuration.
      Update: Fast-forward to this comment for the reason why: https://issues.apache.org/jira/browse/SOLR-14569?focusedCommentId=17136195&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17136195

      The attached patch includes a unit test to query on an alias. Fixed and updated as per Jason Gerlowski' comments
      Patch applies on master branch (9x).
      The unit test is added to the test class that was originally part of the patch to fix SOLR-13510.
      Update: Unit tests fail if sharHandlerFactory is added to the requestHandler in configset cloud-minimal

      I also attach:

      • our product-specific Solr configuration, modified to remove irrelevant plugins and fields
      • security.json with user 'admin' (pwd 'admin')
        • Note that forwardCredentials true or false does not modify the behavior

      To test with attached configuration solr_conf.zip or updated_solr_conf.zip:

      • Download and unzip Solr 8.5.0
      • Modify ./bin/solr.in.sh :
        • ZK_HOST (optional)
        • SOLR_AUTH_TYPE="basic"
        • SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
      • Upload security.json into Zookeeper
      • Start Solr in cloud mode
        • ./bin/solr -c
      • Upload the provided configuration
      • ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d /path/to/folder/conf/
      • Create 2 collections using the uploaded configuration
        • test1, test2
      • Create an alias grouping the 2 collections
        • test = test1, test2
      • Query (/select?q=:) one collection
        • results in successful Solr response
      • Query the alias (/select?q=:)
        • results in HTTP 401

      There is no need to add documents to observe the issue.

        Attachments

        1. SOLR-14569.patch
          4 kB
          Isabelle Giguere
        2. security.json
          0.4 kB
          Isabelle Giguere
        3. solr_conf.zip
          27 kB
          Isabelle Giguere
        4. security.json
          0.4 kB
          Isabelle Giguere
        5. SOLR-14569.patch
          4 kB
          Isabelle Giguere
        6. updated_solr_conf.zip
          27 kB
          Isabelle Giguere
        7. solr.log
          817 kB
          Isabelle Giguere
        8. curl_requests-responses.txt
          2 kB
          Isabelle Giguere
        9. SOLR-14569.patch
          15 kB
          Isabelle Giguere

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                igiguere Isabelle Giguere
              • Votes:
                3 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: