[
https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848744#comment-17848744
]
ASF subversion and git services commented on SOLR-12813:
--------------------------------------------------------
Commit 0551589dffb13e25c25d6237914e2b35e2238e98 in solr's branch
refs/heads/main from Rudi Seitz
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=0551589dffb ]
SOLR-12813 followup -- preserve user Principal in alternate codepath in
EmbeddedSolrServer (#2429)
EmbeddedSolrServer#request() has two separate codepaths where a
SolrQueryRequest is created using the _parser.buildRequestFrom() utility
method. The first codepath is active when the relevant SolrRequestHandler can
be gotten from the CoreContainer. The second codepath is active when
coreContainer.getRequestHandler(path) returns null and instead we have to get
the SolrRequestHandler directly from the SolrCore. This second codepath is the
one that's used in subquery execution. It was updated in the initial fix for
SOLR-12813 so that the call to _parser.buildRequestFrom() would now include the
user Principal. However, the first codepath was left alone because it was not
found to be involved in subquery execution. In the present commit, the first
codepath is being updated as well. This change is not needed for addressing the
issue described in SOLR-12813, but it is being made in the interest of keeping
the logic as consistent as possible across the two codepaths in
EmbeddedSolrServer.request()
> SolrCloud + 2 shards + subquery + auth = 401 Exception
> ------------------------------------------------------
>
> Key: SOLR-12813
> URL: https://issues.apache.org/jira/browse/SOLR-12813
> Project: Solr
> Issue Type: Bug
> Components: security, SolrCloud
> Affects Versions: 6.4.1, 7.5, 8.11
> Reporter: Igor Fedoryn
> Assignee: Eric Pugh
> Priority: Major
> Fix For: 9.7
>
> Attachments: screen1.png, screen2.png
>
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> Environment: * Solr 6.4.1
> * Zookeeper 3.4.6
> * Java 1.8
> Run Zookeeper
> Upload simple configuration wherein the Solr schema has fields for a
> relationship between parent/child
> Run two Solr instance (2 nodes)
> Create the collection with 1 shard on each Solr nodes
>
> Add parent document to one shard and child document to another shard.
> The response for: *
> /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id
> v=$row.ParentIdsField}
> correct.
>
> After that add Basic Authentication with some user for collection.
> Restart Solr or reload Solr collection.
> If the simple request /select?q=*:* with authorization on Solr server is a
> success then run previously request
> with authorization on Solr server and you get the exception: "Solr HTTP
> error: Unauthorized (401) "
>
> Screens in the attachment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
