Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15236

Distributed search with index sharding is not working with basic authentication plugin enabled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 8.7, 8.8.1
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
    • Environment:

      Archi Linux, Zulu JDK11, Solr 8.8.1

      Description

      Issue confirmed for 8.7 and 8.8.1.

      Steps to reproduce are:
      1. Following the docs for setting up distributed search (https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html).
      1.1 Stop both nodes after confirming that distributed search works without basic auth (last step).
      2. Enable basic authentication plugin for both nodes, example for example/nodes/node1/security.json:
      {{
      {
      "authentication":{
      "blockUnknown": true,
      "class":"solr.BasicAuthPlugin",
      "credentials":

      {"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}

      ,
      "realm":"My Solr users",
      "forwardCredentials": false
      }}

      }}
      3. Configure shardsWhitelist in solr.xml of each node example/nodes/node1/solr.xml
      {{
      <shardHandlerFactory name="shardHandlerFactory"
      class="HttpShardHandlerFactory">
      <int name="socketTimeout">${socketTimeout:600000}</int>
      <int name="connTimeout">${connTimeout:60000}</int>
      <str name="shardsWhitelist">localhost:8984,localhost:8985</str>
      </shardHandlerFactory>
      }}
      4. Start both nodes.
      5. Confirm that searching on one node with basic auth works with curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&wt=xml&indent=true"
      6. Confirm that searching on both nodes does not work with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"

      Error:
      {{
      ❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
      <?xml version="1.0" encoding="UTF-8"?>
      <response>

      <lst name="responseHeader">
      <int name="status">401</int>
      <int name="QTime">173</int>
      <lst name="params">
      <str name="q">:</str>
      <str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
      <str name="indent">true</str>
      <str name="fl">id,name</str>
      <str name="wt">xml</str>
      </lst>
      </lst>
      <lst name="error">
      <lst name="metadata">
      <str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      <str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
      </lst>
      <str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
      <head>
      <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
      <title>Error 401 require authentication</title>
      </head>
      <body><h2>HTTP ERROR 401 require authentication</h2>
      <table>
      <tr><th>URI:</th><td>/solr/core1/select</td></tr>
      <tr><th>STATUS:</th><td>401</td></tr>
      <tr><th>MESSAGE:</th><td>require authentication</td></tr>
      <tr><th>SERVLET:</th><td>default</td></tr>
      </table>

      </body>
      </html>
      </str>
      <int name="code">401</int>
      </lst>
      </response>
      }}

      See also SOLR-14569 that seems similar, but the patch provided does not help after I applied it to 8.8.1, therefore I think this is not the same issue.

      Adjust priority as necessary. For cases where basic auth is required this means we cannot use Solr as of now.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                shuremov Samir Huremovic
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: