lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anshum Gupta <ans...@anshumgupta.net>
Subject Re: How to config security.json?
Date Sun, 06 Dec 2015 04:03:22 GMT
Hi Byzen,

To begin with, seems like you didn't add a user for the groups/roles you
have defined above in your security.json. You would need to do so in order
to be able to send acceptable read/update requests.

In addition, there were a couple of known issues that were reported and
fixed and you're hitting those. Those fixes would be released with the
upcoming Solr 5.4. Here are the links to those issues:

https://issues.apache.org/jira/browse/SOLR-8326
https://issues.apache.org/jira/browse/SOLR-8355

If you still want to just apply patches to 5.3.1 instead of a complete
upgrade, I suggest you apply patches from those 2 issues plus from the
commit on issue SOLR-8167.

-Anshum

On Thu, Nov 19, 2015 at 4:21 PM, Byzen Ma <mabaizhang@126.com> wrote:

> Hi, I'm not quite familar with security.json. I want to achieve these
> implementations. (1)Anyone who wants to do read/select/query action should
> be required passwd and username, namely authentication, no matter from
> Admin
> UI and solrj, especially from Admin UI! For I need to restrict strangers to
> reach my solr. (2)Anyone who wants to update, includes delete, create and
> so
> on, also needs passwd and username same as (1). I config the security.json
> as follows:
>
>
>
> {
>
>   "authentication":{
>
>     "class":"solr.BasicAuthPlugin",
>
>     "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},
>
>   "authorization":{
>
>     "class":"solr.RuleBasedAuthorizationPlugin",
>
>     "user-role":{"solr":"admin"},
>
>     "permissions":[
>
>       {
>
>         "name":"security-edit",
>
>         "role":"admin"},
>
>       {
>
>         "name":"read",
>
>         "role":"admin"},
>
>       {
>
>         "name":"update",
>
>         "role":"admin"}],
>
>     "":{"v":3}}}
>
>
>
> However, it does't work! More than that, an error happened again and again
> when node2 recover from node1. I start my solrcloud by commandLine with
> "solr start -e cloud" and set all the configs as default. How can I set the
> security.json to achieve my goals? Here are the server logs:
>
>
>
> ERROR (RecoveryThread-gettingstarted_shard2_replica2) [c:gettingstarted
> s:shard2 r:core_node2 x:gettingstarted_shard2_replica2]
> o.a.s.c.RecoveryStrategy Error while trying to
>
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException
> : Error from server at
> http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime
> type
> application/octet-stream but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
>
> <title>Error 401 Unauthorized request, Response code: 401</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
>
> <pre>    Unauthorized request, Response code:
> 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
>
>
>
> </body>
>
> </html>
>
>
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien
> t.java:528)
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :234)
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :226)
>
>          at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
>
>          at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
>
>          at
>
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:
> 207)
>
>          at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
>
>          at
>
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
>
>          at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
>
> Error while trying to
>
> recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException
> : Error from server at
> http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime
> type
> application/octet-stream but got text/html. <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
>
> <title>Error 401 Unauthorized request, Response code: 401</title>
>
> </head>
>
> <body><h2>HTTP ERROR 401</h2>
>
> <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason:
>
> <pre>    Unauthorized request, Response code:
> 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
>
>
>
> </body>
>
> </html>
>
>
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien
> t.java:528)
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :234)
>
>          at
>
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java
> :226)
>
>          at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
>
>          at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152)
>
>          at
>
> org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:
> 207)
>
>          at
> org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147)
>
>          at
>
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437)
>
>          at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227)
>
> 1531614 ERROR (qtp5264648-21) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.menu-top.html
>
> 1531614 ERROR (qtp5264648-16) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.menu-bottom.html
>
> 1531661 ERROR (qtp5264648-14) [c:gettingstarted s:shard1 r:core_node1
> x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not
> find: /configs/gettingstarted/admin-extra.html
>
> ......
>
>
>
> Kind regards,
>
> Byzen Ma
>
>


-- 
Anshum Gupta

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message