[jira] [Updated] (SOLR-14569) Configuring a shardHandlerFactory on the /select requestHandler results in HTTP 401 when searching on alias in secured Solr

[Isabelle Giguere (Jira)]

     [ 
https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Isabelle Giguere updated SOLR-14569:
------------------------------------
    Summary: Configuring a shardHandlerFactory on the /select requestHandler 
results in HTTP 401 when searching on alias in secured Solr  (was: HTTP 401 
when searching on alias in secured Solr)

> Configuring a shardHandlerFactory on the /select requestHandler results in 
> HTTP 401 when searching on alias in secured Solr
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-14569
>                 URL: https://issues.apache.org/jira/browse/SOLR-14569
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: master (9.0), 8.5
>         Environment: Unit test on master branch (9x) built on Windows 10 with 
> Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
>            Reporter: Isabelle Giguere
>            Priority: Major
>         Attachments: SOLR-14569.patch, SOLR-14569.patch, 
> curl_requests-responses.txt, security.json, security.json, solr.log, 
> solr_conf.zip, updated_solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr 
> with security.json.
> Searching on a single collection returns the expected results, but searching 
> on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created 
> using the _default configuration.*
> The attached patch includes a unit test to query on an alias.  *Fixed and 
> updated as per [~gerlowskija]' comments*
>  *Patch applies on master branch (9x)*.
>  The unit test is added to the test class that was originally part of the 
> patch to fix SOLR-13510.
> I also attach:
>  - our product-specific Solr configuration, modified to remove irrelevant 
> plugins and fields
>  - security.json with user 'admin' (pwd 'admin')
>  -- Note that forwardCredentials true or false does not modify the behavior
> To test with this configuration:
>  - Download and unzip Solr 8.5.0
>  - Modify ./bin/solr.in.sh :
>  -- ZK_HOST (optional)
>  -- SOLR_AUTH_TYPE="basic"
>  -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
>  - Upload security.json into Zookeeper
>  -- ./bin/solr zk cp 
> [file:/path/to/security.json|file:///path/to/security.json] 
> zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
>  - Start Solr in cloud mode
>  -- ./bin/solr -c
>  - Upload the provided configuration
>  - ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d 
> /path/to/folder/conf/
>  - Create 2 collections using the uploaded configuration
>  -- test1, test2
>  - Create an alias grouping the 2 collections
>  -- test = test1, test2
>  - Query (/select?q=*:*) one collection
>  -- results in successful Solr response
>  - Query the alias (/select?q=*:*)
>  -- results in HTTP 401
> There is no need to add documents to observe the issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org