Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Duplicate
-
8.7, 8.8.1
-
None
-
Archi Linux, Zulu JDK11, Solr 8.8.1
Description
Issue confirmed for 8.7 and 8.8.1.
Steps to reproduce are:
1. Following the docs for setting up distributed search (https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html).
1.1 Stop both nodes after confirming that distributed search works without basic auth (last step).
2. Enable basic authentication plugin for both nodes, example for example/nodes/node1/security.json:
{{
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":
,
"realm":"My Solr users",
"forwardCredentials": false
}}
}}
3. Configure shardsWhitelist in solr.xml of each node example/nodes/node1/solr.xml
{{
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<int name="socketTimeout">${socketTimeout:600000}</int>
<int name="connTimeout">${connTimeout:60000}</int>
<str name="shardsWhitelist">localhost:8984,localhost:8985</str>
</shardHandlerFactory>
}}
4. Start both nodes.
5. Confirm that searching on one node with basic auth works with curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&wt=xml&indent=true"
6. Confirm that searching on both nodes does not work with {{curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
Error:
{{
❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader">
<int name="status">401</int>
<int name="QTime">173</int>
<lst name="params">
<str name="q">:</str>
<str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
<str name="indent">true</str>
<str name="fl">id,name</str>
<str name="wt">xml</str>
</lst>
</lst>
<lst name="error">
<lst name="metadata">
<str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
<str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
</lst>
<str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 require authentication</title>
</head>
<body><h2>HTTP ERROR 401 require authentication</h2>
<table>
<tr><th>URI:</th><td>/solr/core1/select</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>require authentication</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table>
</body>
</html>
</str>
<int name="code">401</int>
</lst>
</response>
}}
See also SOLR-14569 that seems similar, but the patch provided does not help after I applied it to 8.8.1, therefore I think this is not the same issue.
Adjust priority as necessary. For cases where basic auth is required this means we cannot use Solr as of now.
Attachments
Issue Links
- duplicates
-
SOLR-15237 Distributed search with index sharding is not working with basic authentication plugin enabled
- Open