[
https://issues.apache.org/jira/browse/SOLR-9313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15383573#comment-15383573
]
narayana b commented on SOLR-9313:
----------------------------------
Error
httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr,
called closeSocket()
httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr,
called closeSocket()
httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr,
handling exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr,
handling exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr,
called close()
httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr,
called close()
httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr,
called closeInternal(true)
httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr
[https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr,
called closeInternal(true)
658677 ERROR
(OverseerThreadFactory-5-thread-1-processing-n:pcam-dev-app-01:8983_solr) [ ]
o.a.s.c.OverseerCollectionMessageHandler Error from shard:
https://pcam-dev-app-02:8984/solr
org.apache.solr.client.solrj.SolrServerException: IOException occured when
talking to server at: https://pcam-dev-app-02:8984/solr
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:604)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248)
at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
at
org.apache.solr.handler.component.HttpShardHandler.lambda$submit$65(HttpShardHandler.java:195)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at
org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:495)
... 11 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 35 more
658695 ERROR
(OverseerThreadFactory-5-thread-1-processing-n:pcam-dev-app-01:8983_solr) [ ]
o.a.s.c.OverseerCollectionMessageHandler Error from shard:
https://pcam-dev-app-02:8983/solr
org.apache.solr.client.solrj.SolrServerException: IOException occured when
talking to server at: https://pcam-dev-app-02:8983/solr
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:604)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248)
at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219)
at
org.apache.solr.handler.component.HttpShardHandler.lambda$submit$65(HttpShardHandler.java:195)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at
org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:495)
... 11 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 35 more
> Solr 6.1.0 SSL, and Basic Auth - shards index failed
> ----------------------------------------------------
>
> Key: SOLR-9313
> URL: https://issues.apache.org/jira/browse/SOLR-9313
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 6.1
> Environment: RHEL 7.2, Solr 6.1.0, Java 1.8, zk 3.4.8
> Reporter: narayana b
> Priority: Blocker
> Labels: security
>
> Hi,
> This is a blocker, shards collection seeking for auth with 401 error.
> I have provided auth details in my java client then too failing to index on
> shards collection
> I have 2 boxes (dev01,dev02)
> Zookeeper with chroot (/solr)
> ------------------------------------
> dev01 - zoo1:2181, zoo2:2182
> dev02 - zoo3:2183
> solr jvm instances:
> -----------------------
> dev01 - solrjvm1 - 8983, solrjvm2 - 8984
> dev02 - solrjvm1 - 8983, solrjvm2 - 8984
> I enabled solr SSL channel, followed below link, i have used self signed
> certificate
> https://cwiki.apache.org/confluence/display/solr/Enabling+SSL
> Basic auth:
> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin
> security.json
> ----------------
> {
> "authentication":{
> "blockUnknown": true,
> "class":"solr.BasicAuthPlugin",
> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
> },
> "authorization":{
> "class":"solr.RuleBasedAuthorizationPlugin",
> "user-role":{"solr":"admin"},
> "permissions":[
> {"name":"security-edit", "role":"admin"},
> {"name":"config-edit", "role":"admin"},
> {"name":"collection-admin-edit",
> "role":"admin"},
> {"name":"all", "collection":null, "path":"/*",
> "role":"admin"},
> {"name":"update", "collection":null,
> "path":"/*", "role":"admin"}
> ]
> }
> }
> Collection CREATE/DELETE via browser
> https://pcam-dev-app-01:8983/solr/admin/collections?action=DELETE&name=scdata_test
> https://pcam-dev-app-01:8983/solr/admin/collections?action=CREATE&name=scdata_test&numShards=1&replicationFactor=2&createNodeSet=pcam-dev-app-01:8983_solr,pcam-dev-app-01:8984_solr&collection.configName=scdata
> Two shards created:
> -------------------------
> scdata_test_shard1_replica1
> scdata_test_shard1_replica2
> Sample Java client
> ------------------------
> package com.test.solr.auth;
> import java.util.concurrent.TimeUnit;
> import org.apache.solr.client.solrj.SolrRequest;
> import org.apache.solr.client.solrj.impl.CloudSolrClient;
> import org.apache.solr.client.solrj.request.QueryRequest;
> import org.apache.solr.common.SolrInputDocument;
> public class SolrPopulateWithSSLAndBasicAuth {
> public SolrPopulateWithSSLAndBasicAuth() {
> }
> @SuppressWarnings("rawtypes")
> public static void main(String[] args) {
> // https://cwiki.apache.org/confluence/display/solr/Using+SolrJ
> //Standalone client
> //String urlString = "http://localhost:8983/solr/techproducts";;
> //SolrClient solr = new
> HttpSolrClient.Builder(urlString).build();
> try {
> System.setProperty("javax.net.ssl.keyStore",
> "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks");
> System.setProperty("javax.net.ssl.keyStorePassword",
> "secret");
> System.setProperty("javax.net.ssl.trustStore",
> "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks");
> System.setProperty("javax.net.ssl.trustStorePassword",
> "secret");
> System.out.println(" Certificates setup done..");
> String zkHosts =
> "pcam-dev-app-01:2181,pcam-dev-app-01:2182,pcam-dev-app-02:2183/solr";
> CloudSolrClient solrClient = new
> CloudSolrClient.Builder().withZkHost(zkHosts).build();
> solrClient.setDefaultCollection("scdata_test");
> System.out.println(" ZooKeeper nodes setup done..");
> SolrRequest solrRequest = new QueryRequest();
> solrRequest.setBasicAuthCredentials("solr",
> "SolrRocks");
> solrClient.request(solrRequest);
> //solrClient.request(solrRequest,
> solrClient.getDefaultCollection());
> //QueryResponse response = solrClient.query(query,
> METHOD.POST);
> long start = System.nanoTime();
> for (int i = 1; i <= 500; ++i) {
> SolrInputDocument doc = new SolrInputDocument();
> doc.addField("cat_s", "book");
> doc.addField("id", "book-" + i);
> doc.addField("name_s", "The Legend of the
> Hobbit part " + i);
> solrClient.add(doc);
> System.out.println(" Object id : " + i);
> if (i % 100 == 0){
> System.out.println(" Every 100 records
> flush it");
> solrClient.commit(); // periodically
> flush
> }
> }
> solrClient.commit();
> solrClient.close();
> long end = System.nanoTime();
> long seconds = TimeUnit.NANOSECONDS.toSeconds(end -
> start);
> System.out.println(" All records are indexed, took " +
> seconds + " seconds");
> } catch (Exception e) {
> e.printStackTrace();
> }
>
> }
> }
> ERROR
> ----------
> SLF4J: See http://www.slf4j.org/codes.html#no_static_mdc_binder for further
> details.
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from
> server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1:
> Expected mime type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason:
> <pre> require authentication</pre></p>
> </body>
> </html>
> at
> org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:697)
> at
> org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1109)
> at
> org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:998)
> at
> org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:934)
> at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149)
> at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:173)
> at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:138)
> at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:152)
> at
> com.test.solr.auth.SolrPopulateWithSSLAndBasicAuth.main(SolrPopulateWithSSLAndBasicAuth.java:42)
> Caused by:
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
> from server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1:
> Expected mime type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason:
> <pre> require authentication</pre></p>
> </body>
> </html>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:558)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248)
> at
> org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:404)
> at
> org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:357)
> at
> org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$14(CloudSolrClient.java:674)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
