Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15235

Distributed search with index sharding is not working with basic authentication plugin enabled



    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Duplicate
    • Affects Version/s: 8.7, 8.8.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Environment:

      Arch Linux, zulu JDK 11, Solr 8.8.1


      Steps to reproduce (from https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html)
      1. Create two local servers and index two files as described in the docs.
      2. Check that search is working as described in the docs.
      3. Stop the instances.
      4. Add security.json for both nodes with configuration for auth plugin, for example
      "blockUnknown": true,

      {"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}

      "realm":"My Solr users",
      "forwardCredentials": false
      5. Add both nodes to the shardsWhitelist in both node's solr.xml, e.g. example/nodes/node1/solr.xml:
      <shardHandlerFactory name="shardHandlerFactory"
      <int name="socketTimeout">${socketTimeout:600000}</int>
      <int name="connTimeout">${connTimeout:60000}</int>
      <str name="shardsWhitelist">localhost:8984,localhost:8985</str>
      6. Start both nodes again.
      7. Try searching on a single node, should work: curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&wt=xml&indent=true"
      8. Try distributed search on both nodes, should not work anymore: //localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"

      ❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
      <?xml version="1.0" encoding="UTF-8"?>

      <lst name="responseHeader">
      <int name="status">401</int>
      <int name="QTime">173</int>
      <lst name="params">
      <str name="q">:</str>
      <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
      <str name="indent">true</str>
      <str name="fl">id,name</str>
      <str name="wt">xml</str>
      <lst name="error">
      <lst name="metadata">
      <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      <str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 401 require authentication</title>
      <body><h2>HTTP ERROR 401 require authentication</h2>
      <tr><th>MESSAGE:</th><td>require authentication</td></tr>

      <int name="code">401</int>

      Please adjust the priority if needed, for us this means we cannot use Solr with basic auth enabled, which means cannot use it at all in cases where it is a requirement.

      I have linked a related issue that seems to be similar. I have applied the patch from that issue to 8.8.1 and it did not help in my case, therefore I think it is not the exact same issue.


          Issue Links



              • Assignee:
                shuremov Samir Huremovic
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: