[ https://issues.apache.org/jira/browse/SOLR-15235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Drob resolved SOLR-15235. ------------------------------ Resolution: Duplicate > Distributed search with index sharding is not working with basic > authentication plugin enabled > ---------------------------------------------------------------------------------------------- > > Key: SOLR-15235 > URL: https://issues.apache.org/jira/browse/SOLR-15235 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication > Affects Versions: 8.7, 8.8.1 > Environment: Arch Linux, zulu JDK 11, Solr 8.8.1 > Reporter: Samir Huremovic > Priority: Blocker > Labels: authentication > > Steps to reproduce (from > https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html) > 1. Create two local servers and index two files as described in the docs. > 2. Check that search is working as described in the docs. > 3. Stop the instances. > 4. Add {{security.json}} for both nodes with configuration for auth plugin, > for example > {{{ > "authentication":{ > "blockUnknown": true, > "class":"solr.BasicAuthPlugin", > "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= > Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}, > "realm":"My Solr users", > "forwardCredentials": false > }}}} > 5. Add both nodes to the {{shardsWhitelist}} in both node's {{solr.xml}}, > e.g. {{example/nodes/node1/solr.xml}}: > {{ > <shardHandlerFactory name="shardHandlerFactory" > class="HttpShardHandlerFactory"> > <int name="socketTimeout">${socketTimeout:600000}</int> > <int name="connTimeout">${connTimeout:60000}</int> > <str name="shardsWhitelist">localhost:8984,localhost:8985</str> > </shardHandlerFactory> > }} > 6. Start both nodes again. > 7. Try searching on a single node, should work: {{curl --user solr:SolrRocks > "http://localhost:8984/solr/core1/select?q=*:*&wt=xml&indent=true"}} > 8. Try distributed search on both nodes, should not work anymore: > {{//localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"}} > Error: > {{ > ❯ curl --user solr:SolrRocks > "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml" > <?xml version="1.0" encoding="UTF-8"?> > <response> > <lst name="responseHeader"> > <int name="status">401</int> > <int name="QTime">173</int> > <lst name="params"> > <str name="q">*:*</str> > <str > name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str> > <str name="indent">true</str> > <str name="fl">id,name</str> > <str name="wt">xml</str> > </lst> > </lst> > <lst name="error"> > <lst name="metadata"> > <str > name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str> > <str > name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str> > </lst> > <str name="msg">Error from server at null: Expected mime type > application/octet-stream but got text/html. <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> > <title>Error 401 require authentication</title> > </head> > <body><h2>HTTP ERROR 401 require authentication</h2> > <table> > <tr><th>URI:</th><td>/solr/core1/select</td></tr> > <tr><th>STATUS:</th><td>401</td></tr> > <tr><th>MESSAGE:</th><td>require > authentication</td></tr> > <tr><th>SERVLET:</th><td>default</td></tr> > </table> > </body> > </html> > </str> > <int name="code">401</int> > </lst> > </response> > }} > Please adjust the priority if needed, for us this means we cannot use Solr > with basic auth enabled, which means cannot use it at all in cases where it > is a requirement. > I have linked a related issue that seems to be similar. I have applied the > patch from that issue to 8.8.1 and it did not help in my case, therefore I > think it is not the exact same issue. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org