[
https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848745#comment-17848745
]
ASF subversion and git services commented on SOLR-12813:
--------------------------------------------------------
Commit 2a84def1cccbac76bc0df791f66458663fe35f9b in solr's branch
refs/heads/branch_9x from Rudi Seitz
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=2a84def1ccc ]
SOLR-12813 followup -- preserve user Principal in alternate codepath in
EmbeddedSolrServer (#2429)
EmbeddedSolrServer#request() has two separate codepaths where a
SolrQueryRequest is created using the _parser.buildRequestFrom() utility
method. The first codepath is active when the relevant SolrRequestHandler can
be gotten from the CoreContainer. The second codepath is active when
coreContainer.getRequestHandler(path) returns null and instead we have to get
the SolrRequestHandler directly from the SolrCore. This second codepath is the
one that's used in subquery execution. It was updated in the initial fix for
SOLR-12813 so that the call to _parser.buildRequestFrom() would now include the
user Principal. However, the first codepath was left alone because it was not
found to be involved in subquery execution. In the present commit, the first
codepath is being updated as well. This change is not needed for addressing the
issue described in SOLR-12813, but it is being made in the interest of keeping
the logic as consistent as possible across the two codepaths in
EmbeddedSolrServer.request()
> SolrCloud + 2 shards + subquery + auth = 401 Exception
> ------------------------------------------------------
>
> Key: SOLR-12813
> URL: https://issues.apache.org/jira/browse/SOLR-12813
> Project: Solr
> Issue Type: Bug
> Components: security, SolrCloud
> Affects Versions: 6.4.1, 7.5, 8.11
> Reporter: Igor Fedoryn
> Assignee: Eric Pugh
> Priority: Major
> Fix For: 9.7
>
> Attachments: screen1.png, screen2.png
>
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> Environment: * Solr 6.4.1
> * Zookeeper 3.4.6
> * Java 1.8
> Run Zookeeper
> Upload simple configuration wherein the Solr schema has fields for a
> relationship between parent/child
> Run two Solr instance (2 nodes)
> Create the collection with 1 shard on each Solr nodes
>
> Add parent document to one shard and child document to another shard.
> The response for: *
> /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id
> v=$row.ParentIdsField}
> correct.
>
> After that add Basic Authentication with some user for collection.
> Restart Solr or reload Solr collection.
> If the simple request /select?q=*:* with authorization on Solr server is a
> success then run previously request
> with authorization on Solr server and you get the exception: "Solr HTTP
> error: Unauthorized (401) "
>
> Screens in the attachment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
