lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-13510) Intermittent 401's for internode requests with basicauth enabled
Date Fri, 07 Jun 2019 11:45:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858545#comment-16858545
] 

Jan Høydahl commented on SOLR-13510:
------------------------------------

Nope, just reproduced on 8_1 and it somehow ALWAYS uses PKI for inter-node now (verified on
JWTAuthIntegrationTest). I see that a mix of HttpSolrClient and Http2SolrClient is in use,
but have not been able to figure out why this happened after your commit, and only for 8_1.

> Intermittent 401's for internode requests with basicauth enabled
> ----------------------------------------------------------------
>
>                 Key: SOLR-13510
>                 URL: https://issues.apache.org/jira/browse/SOLR-13510
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: master (9.0)
>            Reporter: Jason Gerlowski
>            Assignee: Cao Manh Dat
>            Priority: Major
>         Attachments: SOLR-13510.patch
>
>
> We recently got a bug report on the mailing list:
> {quote}
> On Solr 8.1.1, using our previously working security.json, running queries
> (through the admin UI currently) I non-deterministically get 401 responses
> on queries when a collection has more than 1 shard. Increasing the number
> of shards in the collection makes the errors more likely.
> {
>   "responseHeader":{
>     "zkConnected":true,
>     "status":401,
>     "QTime":30,
>     "params":{
>       "q":"*:*",
>       "_":"1559474550365"}},
>   "error":{
>     "metadata":[
> "error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException",
> "root-error-class","org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException"],
>     "msg":"Error from server at null: Expected mime type
> application/octet-stream but got text/html. <html>\n<head>\n<meta
> http-equiv=\"Content-Type\"
> content=\"text/html;charset=utf-8\"/>\n<title>Error 401 require
> authentication</title>\n</head>\n<body><h2>HTTP ERROR 401</h2>\n<p>Problem
> accessing /solr/gettingstarted_shard4_replica_n6/select. Reason:\n<pre>
>  require authentication</pre></p>\n</body>\n</html>\n",
>     "code":401}}
> {quote}
> The reporter (credit to Colvin Cowie) also gives reproduction steps:
> {quote}
>    # Extract solr 8.1.1.
>    # bin\solr start -e cloud
>         1 node / [default port] / [default collection name] / 4 shards / 1
> replica / [_default configuration]
>    # server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile
> /security.json <path-to-security-json-file-with-content-below>
> {
>     "authentication": {
>         "blockUnknown": true,
>         "class": "solr.BasicAuthPlugin",
>         "credentials": {
>             "solradmin": "PIWZwkGnEKxKnqUs3X08xmbmYBaYyAeP3FiKp7fmeHc=
> Lnbp6bEbE7Ap8lXvQDKkUX2Xw53QDgP6Ae8QRT0P5/A="
>         }
>     },
>     "authorization": {
>         "class": "solr.RuleBasedAuthorizationPlugin",
>         "permissions": [{ "name": "all", "role": "admin"} ],
>         "user-role": {"solradmin": "admin"}
>     }
> }
> {quote}
> (Minor edits for conciseness)
> I'm able to reproduce this bug as well.  Other auth issues (SOLR-13472) look like they're
impacted by the topography of the collection and cluster.  But this doesn't seem affected
by that at all (401's occur on inter-node requests regardless of the recipient of the initial
request, and even when all nodes have a shard replica).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message