Return-Path: X-Original-To: apmail-lucene-dev-archive@www.apache.org Delivered-To: apmail-lucene-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C716C1863B for ; Tue, 29 Dec 2015 10:32:50 +0000 (UTC) Received: (qmail 24468 invoked by uid 500); 29 Dec 2015 10:32:50 -0000 Delivered-To: apmail-lucene-dev-archive@lucene.apache.org Received: (qmail 24404 invoked by uid 500); 29 Dec 2015 10:32:50 -0000 Mailing-List: contact dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list dev@lucene.apache.org Received: (qmail 24381 invoked by uid 99); 29 Dec 2015 10:32:50 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Dec 2015 10:32:49 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id A88FC2C1F6D for ; Tue, 29 Dec 2015 10:32:49 +0000 (UTC) Date: Tue, 29 Dec 2015 10:32:49 +0000 (UTC) From: "Anshum Gupta (JIRA)" To: dev@lucene.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (SOLR-8422) Basic Authentication plugin is not working correctly in solrcloud MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/SOLR-8422?page=3Dcom.atlassian= .jira.plugin.system.issuetabpanels:all-tabpanel ] Anshum Gupta updated SOLR-8422: ------------------------------- Fix Version/s: Trunk 5.5 > Basic Authentication plugin is not working correctly in solrcloud > ----------------------------------------------------------------- > > Key: SOLR-8422 > URL: https://issues.apache.org/jira/browse/SOLR-8422 > Project: Solr > Issue Type: Bug > Components: Authentication > Affects Versions: 5.3.1 > Environment: Solrcloud > Reporter: Nirmala Venkatraman > Assignee: Noble Paul > Fix For: 5.5, Trunk > > Attachments: SOLR-8422.patch > > > Iam seeing a problem with basic auth on Solr5.3.1 . We have 5 node solrcl= oud with basic auth configured on sgdsolar1/2/3/4/7 , listening on port 898= 4. We have 64 collections, each having 2 replicas distributed across the 5= servers in the solr cloud. A sample screen shot of the collections/shard l= ocations shown below:- > Step 1 - Our solr indexing tool sends a request to say any one of the s= olr servers in the solrcloud and the request is sent to a server which do= esn't have the collection > Here is the request sent by the indexing tool to sgdsolar1, that include= s the correct BasicAuth credentials > Step2 - Now sgdsolar1 routes the request to sgdsolar2 that has the colle= ction1, but no basic auth header is being passed.=20 > As a results sgdsolar2 throws a 401 error back to source server sgdsolar1= and all the way back to solr indexing tool > 9.32.182.53 - - [15/Dec/2015:00:45:18 +0000] "GET /solr/collection1/get?_= route_=3DQ049c2dkbWFpbDMwL089U0dfVVMx20093510!&ids=3DQ049c2dkbWFpbDMwL089U0= dfVVMx20093510!08D9EACCA5AE663400257EB6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVM= x20093510!9057B828F841C41F00257EB6005A7421,Q049c2dkbWFpbDMwL089U0dfVVMx2009= 3510!F3FB9305A00A0E1200257EB6005AAA99,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!= E9815A6F3CBC3D0E00257EB6005ACA02,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!FEB43= AC9F648AFC500257EB6005AE4EB,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!4CF37E73A1= 8F9D9F00257E590016CBD9,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!61D5457FEA1EBE5= C00257E5900188729,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!6B0D89B9A7EEBC460025= 7E590019CEDA,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!360B9B52D9C6DFE400257EB20= 07FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!D86D4CED01F66AF300257EB2008305= A4&fl=3Dunid,sequence,folderunid&wt=3Dxml&rows=3D10 HTTP/1.1" 401 366 > 2015-12-15 00:45:18.112 INFO (qtp1214753695-56) [c:collection1 s:shard1 = r:core_node1 x:collection1_shard1_replica1] o.a.s.s.RuleBasedAuthorizationP= lugin request has come without principal. failed permission org.apache.solr= .security.RuleBasedAuthorizationPlugin$Permission@5ebe8fca > 2015-12-15 00:45:18.113 INFO (qtp1214753695-56) [c:collection1 s:shard1 = r:core_node1 x:collection1_shard1_replica1] o.a.s.s.HttpSolrCall USER_REQUI= RED auth header null context : userPrincipal: [null] type: [READ], collecti= ons: [collection1,], Path: [/get] path : /get params :fl=3Dunid,sequence,fo= lderunid&ids=3DQ049c2dkbWFpbDMwL089U0dfVVMx20093510!08D9EACCA5AE663400257EB= 6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!9057B828F841C41F00257EB6005A= 7421,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!F3FB9305A00A0E1200257EB6005AAA99,= Q049c2dkbWFpbDMwL089U0dfVVMx20093510!E9815A6F3CBC3D0E00257EB6005ACA02,Q049c= 2dkbWFpbDMwL089U0dfVVMx20093510!FEB43AC9F648AFC500257EB6005AE4EB,Q049c2dkbW= FpbDMwL089U0dfVVMx20093510!4CF37E73A18F9D9F00257E590016CBD9,Q049c2dkbWFpbDM= wL089U0dfVVMx20093510!61D5457FEA1EBE5C00257E5900188729,Q049c2dkbWFpbDMwL089= U0dfVVMx20093510!6B0D89B9A7EEBC4600257E590019CEDA,Q049c2dkbWFpbDMwL089U0dfV= VMx20093510!360B9B52D9C6DFE400257EB2007FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20= 093510!D86D4CED01F66AF300257EB2008305A4&rows=3D10&wt=3Dxml&_route_=3DQ049c2= dkbWFpbDMwL089U0dfVVMx20093510! > Step 3 - In another solrcloud , if the indexing tool sends the solr get r= equest to the server that has the collection1, I see that basic authenticat= ion working as expected. > I double checked and see both sgdsolar1/sgdsolar2 servers have the patche= d solr-core and solr-solrj jar files under the solr-webapp folder that were= provided via earlier patches that Anshum/Noble worked on:- > SOLR-8167 fixes the POST issue=20 > SOLR-8326 fixing PKIAuthenticationPlugin. > SOLR-8355 -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org