[
https://issues.apache.org/jira/browse/SOLR-16110?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527630#comment-17527630
]
Eric Pugh commented on SOLR-16110:
----------------------------------
Okay, I just tried it with -Dsolr.disableConfigSetsCreateAuthChecks=true, and
it does avoid the security check, so one issue better understood. (I sent an
email to dev mailing list about if we should be keeping this feature in the 9X
line, and if we do, we ought to document it!).
I went through your steps, on branch_9_0, and I get a JSON parsing error.
Which I referenced in SOLR-16164. I'm going to try the fix I outlined in
SOLR-16164, and then see what happens.
> Using Schema/Config API breaks the File-Upload of Config Set File
> -----------------------------------------------------------------
>
> Key: SOLR-16110
> URL: https://issues.apache.org/jira/browse/SOLR-16110
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: 8.11.1
> Reporter: Steffen Moldenhauer
> Assignee: Eric Pugh
> Priority: Major
> Attachments: SOLR-16110-1.patch, SOLR-16110.patch
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> After using the Schema/Config API to change the config/schema in a config
> set, the UPLOAD of a file to this config set does not work anymore.
> The Schema/Config API changes the metadata that is stored at the config set
> node.
> There is a '\{trusted=false}' / '\{trusted=true} or an empty "no utf8
> Content" but after the Schema/Config API call it is replaced by a single 0
> byte. As a result the following upload of a file with Configset API throws a
> json parse error.
> *Steps to reproduce*
> Run solr cloud example: solr -e cloud -p 8984 Create Config set from
> _default:
> [http://localhost:8984/solr/admin/configs?action=CREATE&name=test&baseName=_default]
> Create Collection with Config set 'test':
> [http://localhost:8984/solr/admin/collections?action=CREATE&name=test&collection.configName=test&numShards=1]
>
> add field with Schema API call:
>
> {code:java}
> curl -X POST -H 'Content-Type: application/json' -i
> http://localhost:8984/solr/test/schema --data '{
> "add-field":{
> "name":"my-field",
> "type":"string",
> "stored":true }
> }'
> {code}
>
>
> Create a file test.json and try to upload it:
> {code:java}
> curl -X POST --header "Content-Type:application/json" --data-binary
> @test.json
> "http://localhost:8983/solr/admin/configs?action=UPLOAD&name=test&filePath=test.json&wt=xml&omitHeader=true"{code}
>
> Response:
> {code:java}
> <?xml version="1.0" encoding="UTF-8"?>
> <response><lst name="error">
> <str name="msg">JSON Parse Error: char=#0;,position=0 AFTER='#0;'
> BEFORE=''</str>
> <str name="trace">org.noggit.JSONParser$ParseException: JSON Parse Error:
> char=#0;,position=0 AFTER='#0;' BEFORE=''
> at org.noggit.JSONParser.err(JSONParser.java:452)
> at
> org.noggit.JSONParser.handleNonDoubleQuoteString(JSONParser.java:819)
> at org.noggit.JSONParser.next(JSONParser.java:1026)
> at org.noggit.JSONParser.nextEvent(JSONParser.java:1073)
> at org.noggit.ObjectBuilder.<init>(ObjectBuilder.java:84)
> at org.apache.solr.common.util.Utils.lambda$static$1(Utils.java:356)
> at org.apache.solr.common.util.Utils.fromJSON(Utils.java:319)
> at org.apache.solr.common.util.Utils.fromJSON(Utils.java:305)
> at
> org.apache.solr.handler.admin.ConfigSetsHandler.isCurrentlyTrusted(ConfigSetsHandler.java:328)
> at
> org.apache.solr.handler.admin.ConfigSetsHandler.ensureOverwritingUntrustedConfigSet(ConfigSetsHandler.java:308)
> at
> org.apache.solr.handler.admin.ConfigSetsHandler.createBaseZnode(ConfigSetsHandler.java:269)
> at
> org.apache.solr.handler.admin.ConfigSetsHandler.handleConfigUploadRequest(ConfigSetsHandler.java:205)
> at
> org.apache.solr.handler.admin.ConfigSetsHandler.handleRequestBody(ConfigSetsHandler.java:113)
> at
> org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:216)
> at
> org.apache.solr.servlet.HttpSolrCall.handleAdmin(HttpSolrCall.java:836)
> at
> org.apache.solr.servlet.HttpSolrCall.handleAdminRequest(HttpSolrCall.java:800)
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:545)
> at
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:427)
> at
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:357)
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191)
> at
> org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:177)
> at
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at
> org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)
> at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:763)
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.Server.handle(Server.java:516)
> at
> org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:400)
> at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:645)
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:392)
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
> at
> org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
> at
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
> at java.lang.Thread.run(Thread.java:748)
> </str>
> <int name="code">500</int>
> </lst>
> </response>{code}
>
> *Expected Behavior*
> The info at the zookeeper config set node 'trusted=true/false' or 'no content
> ' is kept as it is.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
