[ https://issues.apache.org/jira/browse/SOLR-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14264246#comment-14264246 ]
Kapil Malik commented on SOLR-4470: ----------------------------------- Hi, I've a solr cloud installation (Solr 4.10.2) and I want to authenticate requests made via SolrJ client using SolrCloudServer (Refer : http://wiki.apache.org/solr/Solrj#Using_with_SolrCloud ) I followed https://wiki.apache.org/solr/SolrSecurity to add basic authentication by editing webdefault.xml, jetty.xml etc. and when I start the first node, I am able to see the auth prompt on accessing it via web-browser, and login successfully. I am also able to access it via SolrJ client using SolrCloudServer and HttpClientUtil.setBasicAuth((DefaultHttpClient) cloudServer.getLbServer().getHttpClient(), username, password); But the 2nd node does not start properly and it gives 401 error ERROR org.apache.solr.cloud.RecoveryStrategy – Error while trying to recover. core=mycollection_shard1_replica1:java.util.concurrent.ExecutionException: org.apache.solr.client.solrj.impl.HttpSolrServer$RemoteSolrException: Expected mime type application/octet-stream but got text/html <401 error message html> at java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.util.concurrent.FutureTask.get(FutureTask.java:188) at org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:615) at org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:371) at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:235) The Solr security wiki relies on SOLR-4470 for inter-solr-node requests (org.apache.solr.security.InterSolrNodeAuthCredentialsFactory.SubRequestFactory etc.) Since SOLR-4470 is not implemented yet, is there any way I can secure the calls made to my solr cloud ? Or is it impossible to add basic authentication to requests to SolrCloud made via SolrJ client using SolrCloudServer today? > Support for basic http auth in internal solr requests > ----------------------------------------------------- > > Key: SOLR-4470 > URL: https://issues.apache.org/jira/browse/SOLR-4470 > Project: Solr > Issue Type: New Feature > Components: clients - java, multicore, replication (java), SolrCloud > Affects Versions: 4.0 > Reporter: Per Steffensen > Assignee: Jan Høydahl > Labels: authentication, https, solrclient, solrcloud, ssl > Fix For: Trunk > > Attachments: SOLR-4470.patch, SOLR-4470.patch, SOLR-4470.patch, > SOLR-4470.patch, SOLR-4470.patch, SOLR-4470.patch, SOLR-4470.patch, > SOLR-4470.patch, SOLR-4470.patch, SOLR-4470.patch, SOLR-4470.patch, > SOLR-4470.patch, SOLR-4470_branch_4x_r1452629.patch, > SOLR-4470_branch_4x_r1452629.patch, SOLR-4470_branch_4x_r1454444.patch, > SOLR-4470_trunk_r1568857.patch > > > We want to protect any HTTP-resource (url). We want to require credentials no > matter what kind of HTTP-request you make to a Solr-node. > It can faily easy be acheived as described on > http://wiki.apache.org/solr/SolrSecurity. This problem is that Solr-nodes > also make "internal" request to other Solr-nodes, and for it to work > credentials need to be provided here also. > Ideally we would like to "forward" credentials from a particular request to > all the "internal" sub-requests it triggers. E.g. for search and update > request. > But there are also "internal" requests > * that only indirectly/asynchronously triggered from "outside" requests (e.g. > shard creation/deletion/etc based on calls to the "Collection API") > * that do not in any way have relation to an "outside" "super"-request (e.g. > replica synching stuff) > We would like to aim at a solution where "original" credentials are > "forwarded" when a request directly/synchronously trigger a subrequest, and > fallback to a configured "internal credentials" for the > asynchronous/non-rooted requests. > In our solution we would aim at only supporting basic http auth, but we would > like to make a "framework" around it, so that not to much refactoring is > needed if you later want to make support for other kinds of auth (e.g. digest) > We will work at a solution but create this JIRA issue early in order to get > input/comments from the community as early as possible. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org