[
https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17136056#comment-17136056
]
Isabelle Giguere edited comment on SOLR-14569 at 6/15/20, 5:45 PM:
-------------------------------------------------------------------
Hi [~gerlowskija]
Good catches. Sorry. Trying to work fast... ;)
I did encounter the issue, at first, with a valid security.json. The one I
uploaded does have a typo in it. Correcting it (new upload). And I just
tested again, to be sure, with valid security.json, and attached config.
Result is still HTTP 401 for me (on CentOS 7.7, if that matters)
I just ran the unit test again, with the right password. It passed ! It means
there's something wrong with the configuration.
But how can solrconfig.xml or schema.xml have an impact on authentication, or
alias queries in general ? That doesn't make sense. There's no documented
incompatibility that I'm aware of.
was (Author: igiguere):
Hi [~gerlowskija]
Good catches. Sorry. Trying to work fast... ;)
I did encounter the issue, at first, with a valid security.json. The one I
uploaded does have a typo in it. Correcting it (new upload). And I just
tested again, to be sure, with valid security.json, and attached config.
Result is still HTTP 401 for me (on CentOS 7.7, if that matters)
I'm running the unit test again, with the right password. If it passes... It
means there's something wrong with the configuration.
But how can solrconfig.xml or schema.xml have an impact on authentication, or
alias queries in general ? That doesn't make sense.
> HTTP 401 when searching on alias in secured Solr
> ------------------------------------------------
>
> Key: SOLR-14569
> URL: https://issues.apache.org/jira/browse/SOLR-14569
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: master (9.0), 8.5
> Environment: Unit test on master branch (9x) built on Windows 10 with
> Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
> Reporter: Isabelle Giguere
> Priority: Major
> Attachments: SOLR-14569.patch, security.json, security.json,
> solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr
> with security.json.
> Searching on a single collection returns the expected results, but searching
> on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created
> using the _default configuration.*
> The attached patch includes a unit test that reproduces the issue.
> *Patch applies on master branch (9x)*: Do not include in the regular build !
> The test is failing to illustrate this issue.
> The unit test is added to the test class that was originally part of the
> patch to fix SOLR-13510.
> I also attach:
> - our product-specific Solr configuration, modified to remove irrelevant
> plugins and fields
> - security.json with user 'admin' (pwd 'admin')
> -- Note that forwardCredentials true or false does not modify the behavior
> To test with this configuration:
> - Download and unzip Solr 8.5.0
> - Modify ./bin/solr.in.sh :
> -- ZK_HOST (optional)
> -- SOLR_AUTH_TYPE="basic"
> -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
> - Upload security.json into Zookeeper
> -- ./bin/solr zk cp file:/path/to/security.json
> zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
> - Start Solr in cloud mode
> -- ./bin/solr -c
> - Upload the provided configuration
> - ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d
> /path/to/folder/conf/
> - Create 2 collections using the uploaded configuration
> -- test1, test2
> - Create an alias grouping the 2 collections
> -- test = test1, test2
> - Query (/select?q=\*:\*) one collection
> -- results in successful Solr response
> - Query the alias (/select?q=\*:\*)
> -- results in HTTP 401
> There is no need to add documents to observe the issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
