Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15235

Distributed search with index sharding is not working with basic authentication plugin enabled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Duplicate
    • Affects Version/s: 8.7, 8.8.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Environment:

      Arch Linux, zulu JDK 11, Solr 8.8.1

      Description

      Steps to reproduce (from https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html)
      1. Create two local servers and index two files as described in the docs.
      2. Check that search is working as described in the docs.
      3. Stop the instances.
      4. Add security.json for both nodes with configuration for auth plugin, for example
      {{{
      "authentication":{
      "blockUnknown": true,
      "class":"solr.BasicAuthPlugin",
      "credentials":

      {"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}

      ,
      "realm":"My Solr users",
      "forwardCredentials": false
      }}}}
      5. Add both nodes to the shardsWhitelist in both node's solr.xml, e.g. example/nodes/node1/solr.xml:
      {{
      <shardHandlerFactory name="shardHandlerFactory"
      class="HttpShardHandlerFactory">
      <int name="socketTimeout">${socketTimeout:600000}</int>
      <int name="connTimeout">${connTimeout:60000}</int>
      <str name="shardsWhitelist">localhost:8984,localhost:8985</str>
      </shardHandlerFactory>
      }}
      6. Start both nodes again.
      7. Try searching on a single node, should work: curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&wt=xml&indent=true"
      8. Try distributed search on both nodes, should not work anymore: //localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"

      Error:
      {{
      ❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
      <?xml version="1.0" encoding="UTF-8"?>
      <response>

      <lst name="responseHeader">
      <int name="status">401</int>
      <int name="QTime">173</int>
      <lst name="params">
      <str name="q">:</str>
      <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
      <str name="indent">true</str>
      <str name="fl">id,name</str>
      <str name="wt">xml</str>
      </lst>
      </lst>
      <lst name="error">
      <lst name="metadata">
      <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      <str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      </lst>
      <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 401 require authentication</title>
      </head>
      <body><h2>HTTP ERROR 401 require authentication</h2>
      <table>
      <tr><th>URI:</th><td>/solr/core1/select</td></tr>
      <tr><th>STATUS:</th><td>401</td></tr>
      <tr><th>MESSAGE:</th><td>require authentication</td></tr>
      <tr><th>SERVLET:</th><td>default</td></tr>
      </table>

      </body>
      </html>
      </str>
      <int name="code">401</int>
      </lst>
      </response>
      }}

      Please adjust the priority if needed, for us this means we cannot use Solr with basic auth enabled, which means cannot use it at all in cases where it is a requirement.

      I have linked a related issue that seems to be similar. I have applied the patch from that issue to 8.8.1 and it did not help in my case, therefore I think it is not the exact same issue.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                shuremov Samir Huremovic
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: