[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception

Tue, 16 Apr 2024 10:36:21 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17837803#comment-17837803
 ] 

Rudi Seitz commented on SOLR-12813:
-----------------------------------

I have begun implementing a fix here: 
[https://github.com/rseitz/solr/commit/c51f038f33b21411ce5c01ccf6d9f4d17690d82b]

I found two separate places where credentials are lost. First, the 
SubQueryAugmenterFactor never sets credentials on the subqueries that it 
generates. Second, when a subquery is handled by EmbeddedSolrServer, the query 
goes through various transformations that would drop credentials if they had 
been present in the first place. The code I'm sharing here fixes both issues 
and I've tested it manually with collection with 2 shards in a 2-node cluster. 
The fix only works with forwardCredentials=true.

I am working on writing a unit test and creating a PR. In the meantime, I'm 
eager for any feedback on the proposed changes.

> SolrCloud + 2 shards + subquery + auth = 401 Exception
> ------------------------------------------------------
>
>                 Key: SOLR-12813
>                 URL: https://issues.apache.org/jira/browse/SOLR-12813
>             Project: Solr
>          Issue Type: Bug
>          Components: security, SolrCloud
>    Affects Versions: 6.4.1, 7.5, 8.11
>            Reporter: Igor Fedoryn
>            Priority: Major
>         Attachments: screen1.png, screen2.png
>
>
> Environment: * Solr 6.4.1
>  * Zookeeper 3.4.6
>  * Java 1.8
> Run Zookeeper
> Upload simple configuration wherein the Solr schema has fields for a 
> relationship between parent/child
> Run two Solr instance (2 nodes)
> Create the collection with 1 shard on each Solr nodes
>  
> Add parent document to one shard and child document to another shard.
> The response for: * 
> /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id 
> v=$row.ParentIdsField}
> correct.
>  
> After that add Basic Authentication with some user for collection.
> Restart Solr or reload Solr collection.
> If the simple request /select?q=*:* with authorization on Solr server is a 
> success then run previously request
> with authorization on Solr server and you get the exception: "Solr HTTP 
> error: Unauthorized (401) "
>  
> Screens in the attachment.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to