[ https://issues.apache.org/jira/browse/SOLR-9313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15383573#comment-15383573 ]
narayana b commented on SOLR-9313: ---------------------------------- Error httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr, called closeSocket() httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr, called closeSocket() httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr, called close() httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr, called close() httpShardExecutor-4-thread-4-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8983//solr] https:////pcam-dev-app-02:8983//solr, called closeInternal(true) httpShardExecutor-4-thread-2-processing-n:pcam-dev-app-01:8983_solr [https:////pcam-dev-app-02:8984//solr] https:////pcam-dev-app-02:8984//solr, called closeInternal(true) 658677 ERROR (OverseerThreadFactory-5-thread-1-processing-n:pcam-dev-app-01:8983_solr) [ ] o.a.s.c.OverseerCollectionMessageHandler Error from shard: https://pcam-dev-app-02:8984/solr org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://pcam-dev-app-02:8984/solr at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:604) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248) at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219) at org.apache.solr.handler.component.HttpShardHandler.lambda$submit$65(HttpShardHandler.java:195) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:495) ... 11 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 35 more 658695 ERROR (OverseerThreadFactory-5-thread-1-processing-n:pcam-dev-app-01:8983_solr) [ ] o.a.s.c.OverseerCollectionMessageHandler Error from shard: https://pcam-dev-app-02:8983/solr org.apache.solr.client.solrj.SolrServerException: IOException occured when talking to server at: https://pcam-dev-app-02:8983/solr at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:604) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259) at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248) at org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1219) at org.apache.solr.handler.component.HttpShardHandler.lambda$submit$65(HttpShardHandler.java:195) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:495) ... 11 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ... 35 more > Solr 6.1.0 SSL, and Basic Auth - shards index failed > ---------------------------------------------------- > > Key: SOLR-9313 > URL: https://issues.apache.org/jira/browse/SOLR-9313 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication > Affects Versions: 6.1 > Environment: RHEL 7.2, Solr 6.1.0, Java 1.8, zk 3.4.8 > Reporter: narayana b > Priority: Blocker > Labels: security > > Hi, > This is a blocker, shards collection seeking for auth with 401 error. > I have provided auth details in my java client then too failing to index on > shards collection > I have 2 boxes (dev01,dev02) > Zookeeper with chroot (/solr) > ------------------------------------ > dev01 - zoo1:2181, zoo2:2182 > dev02 - zoo3:2183 > solr jvm instances: > ----------------------- > dev01 - solrjvm1 - 8983, solrjvm2 - 8984 > dev02 - solrjvm1 - 8983, solrjvm2 - 8984 > I enabled solr SSL channel, followed below link, i have used self signed > certificate > https://cwiki.apache.org/confluence/display/solr/Enabling+SSL > Basic auth: > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin > security.json > ---------------- > { > "authentication":{ > "blockUnknown": true, > "class":"solr.BasicAuthPlugin", > "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= > Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} > }, > "authorization":{ > "class":"solr.RuleBasedAuthorizationPlugin", > "user-role":{"solr":"admin"}, > "permissions":[ > {"name":"security-edit", "role":"admin"}, > {"name":"config-edit", "role":"admin"}, > {"name":"collection-admin-edit", > "role":"admin"}, > {"name":"all", "collection":null, "path":"/*", > "role":"admin"}, > {"name":"update", "collection":null, > "path":"/*", "role":"admin"} > ] > } > } > Collection CREATE/DELETE via browser > https://pcam-dev-app-01:8983/solr/admin/collections?action=DELETE&name=scdata_test > https://pcam-dev-app-01:8983/solr/admin/collections?action=CREATE&name=scdata_test&numShards=1&replicationFactor=2&createNodeSet=pcam-dev-app-01:8983_solr,pcam-dev-app-01:8984_solr&collection.configName=scdata > Two shards created: > ------------------------- > scdata_test_shard1_replica1 > scdata_test_shard1_replica2 > Sample Java client > ------------------------ > package com.test.solr.auth; > import java.util.concurrent.TimeUnit; > import org.apache.solr.client.solrj.SolrRequest; > import org.apache.solr.client.solrj.impl.CloudSolrClient; > import org.apache.solr.client.solrj.request.QueryRequest; > import org.apache.solr.common.SolrInputDocument; > public class SolrPopulateWithSSLAndBasicAuth { > public SolrPopulateWithSSLAndBasicAuth() { > } > @SuppressWarnings("rawtypes") > public static void main(String[] args) { > // https://cwiki.apache.org/confluence/display/solr/Using+SolrJ > //Standalone client > //String urlString = "http://localhost:8983/solr/techproducts"; > //SolrClient solr = new > HttpSolrClient.Builder(urlString).build(); > try { > System.setProperty("javax.net.ssl.keyStore", > "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks"); > System.setProperty("javax.net.ssl.keyStorePassword", > "secret"); > System.setProperty("javax.net.ssl.trustStore", > "C:/Users/nbasetty/Desktop/Solr-Dev-Cluster/solr-ssl.keystore.dev01.jks"); > System.setProperty("javax.net.ssl.trustStorePassword", > "secret"); > System.out.println(" Certificates setup done.."); > String zkHosts = > "pcam-dev-app-01:2181,pcam-dev-app-01:2182,pcam-dev-app-02:2183/solr"; > CloudSolrClient solrClient = new > CloudSolrClient.Builder().withZkHost(zkHosts).build(); > solrClient.setDefaultCollection("scdata_test"); > System.out.println(" ZooKeeper nodes setup done.."); > SolrRequest solrRequest = new QueryRequest(); > solrRequest.setBasicAuthCredentials("solr", > "SolrRocks"); > solrClient.request(solrRequest); > //solrClient.request(solrRequest, > solrClient.getDefaultCollection()); > //QueryResponse response = solrClient.query(query, > METHOD.POST); > long start = System.nanoTime(); > for (int i = 1; i <= 500; ++i) { > SolrInputDocument doc = new SolrInputDocument(); > doc.addField("cat_s", "book"); > doc.addField("id", "book-" + i); > doc.addField("name_s", "The Legend of the > Hobbit part " + i); > solrClient.add(doc); > System.out.println(" Object id : " + i); > if (i % 100 == 0){ > System.out.println(" Every 100 records > flush it"); > solrClient.commit(); // periodically > flush > } > } > solrClient.commit(); > solrClient.close(); > long end = System.nanoTime(); > long seconds = TimeUnit.NANOSECONDS.toSeconds(end - > start); > System.out.println(" All records are indexed, took " + > seconds + " seconds"); > } catch (Exception e) { > e.printStackTrace(); > } > > } > } > ERROR > ---------- > SLF4J: See http://www.slf4j.org/codes.html#no_static_mdc_binder for further > details. > org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: Error from > server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1: > Expected mime type application/octet-stream but got text/html. <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > <title>Error 401 require authentication</title> > </head> > <body><h2>HTTP ERROR 401</h2> > <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason: > <pre> require authentication</pre></p> > </body> > </html> > at > org.apache.solr.client.solrj.impl.CloudSolrClient.directUpdate(CloudSolrClient.java:697) > at > org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1109) > at > org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:998) > at > org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:934) > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:149) > at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:173) > at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:138) > at org.apache.solr.client.solrj.SolrClient.add(SolrClient.java:152) > at > com.test.solr.auth.SolrPopulateWithSSLAndBasicAuth.main(SolrPopulateWithSSLAndBasicAuth.java:42) > Caused by: > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error > from server at https://pcam-dev-app-01:8984/solr/scdata_test_shard1_replica1: > Expected mime type application/octet-stream but got text/html. <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > <title>Error 401 require authentication</title> > </head> > <body><h2>HTTP ERROR 401</h2> > <p>Problem accessing /solr/scdata_test_shard1_replica1/update. Reason: > <pre> require authentication</pre></p> > </body> > </html> > at > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:558) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:259) > at > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248) > at > org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:404) > at > org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:357) > at > org.apache.solr.client.solrj.impl.CloudSolrClient.lambda$directUpdate$14(CloudSolrClient.java:674) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$22(ExecutorUtil.java:229) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org