[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17851500#comment-17851500 ] ASF subversion and git services commented on SOLR-12813: Commit 0551589dffb13e25c25d6237914e2b35e2238e98 in solr's branch refs/heads/jira/17134 from Rudi Seitz [ https://gitbox.apache.org/repos/asf?p=solr.git;h=0551589dffb ] SOLR-12813 followup -- preserve user Principal in alternate codepath in EmbeddedSolrServer (#2429) EmbeddedSolrServer#request() has two separate codepaths where a SolrQueryRequest is created using the _parser.buildRequestFrom() utility method. The first codepath is active when the relevant SolrRequestHandler can be gotten from the CoreContainer. The second codepath is active when coreContainer.getRequestHandler(path) returns null and instead we have to get the SolrRequestHandler directly from the SolrCore. This second codepath is the one that's used in subquery execution. It was updated in the initial fix for SOLR-12813 so that the call to _parser.buildRequestFrom() would now include the user Principal. However, the first codepath was left alone because it was not found to be involved in subquery execution. In the present commit, the first codepath is being updated as well. This change is not needed for addressing the issue described in SOLR-12813, but it is being made in the interest of keeping the logic as consistent as possible across the two codepaths in EmbeddedSolrServer.request() > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Assignee: Eric Pugh >Priority: Major > Fix For: 9.7 > > Attachments: screen1.png, screen2.png > > Time Spent: 4h 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848745#comment-17848745 ] ASF subversion and git services commented on SOLR-12813: Commit 2a84def1cccbac76bc0df791f66458663fe35f9b in solr's branch refs/heads/branch_9x from Rudi Seitz [ https://gitbox.apache.org/repos/asf?p=solr.git;h=2a84def1ccc ] SOLR-12813 followup -- preserve user Principal in alternate codepath in EmbeddedSolrServer (#2429) EmbeddedSolrServer#request() has two separate codepaths where a SolrQueryRequest is created using the _parser.buildRequestFrom() utility method. The first codepath is active when the relevant SolrRequestHandler can be gotten from the CoreContainer. The second codepath is active when coreContainer.getRequestHandler(path) returns null and instead we have to get the SolrRequestHandler directly from the SolrCore. This second codepath is the one that's used in subquery execution. It was updated in the initial fix for SOLR-12813 so that the call to _parser.buildRequestFrom() would now include the user Principal. However, the first codepath was left alone because it was not found to be involved in subquery execution. In the present commit, the first codepath is being updated as well. This change is not needed for addressing the issue described in SOLR-12813, but it is being made in the interest of keeping the logic as consistent as possible across the two codepaths in EmbeddedSolrServer.request() > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Assignee: Eric Pugh >Priority: Major > Fix For: 9.7 > > Attachments: screen1.png, screen2.png > > Time Spent: 4h 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848744#comment-17848744 ] ASF subversion and git services commented on SOLR-12813: Commit 0551589dffb13e25c25d6237914e2b35e2238e98 in solr's branch refs/heads/main from Rudi Seitz [ https://gitbox.apache.org/repos/asf?p=solr.git;h=0551589dffb ] SOLR-12813 followup -- preserve user Principal in alternate codepath in EmbeddedSolrServer (#2429) EmbeddedSolrServer#request() has two separate codepaths where a SolrQueryRequest is created using the _parser.buildRequestFrom() utility method. The first codepath is active when the relevant SolrRequestHandler can be gotten from the CoreContainer. The second codepath is active when coreContainer.getRequestHandler(path) returns null and instead we have to get the SolrRequestHandler directly from the SolrCore. This second codepath is the one that's used in subquery execution. It was updated in the initial fix for SOLR-12813 so that the call to _parser.buildRequestFrom() would now include the user Principal. However, the first codepath was left alone because it was not found to be involved in subquery execution. In the present commit, the first codepath is being updated as well. This change is not needed for addressing the issue described in SOLR-12813, but it is being made in the interest of keeping the logic as consistent as possible across the two codepaths in EmbeddedSolrServer.request() > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Assignee: Eric Pugh >Priority: Major > Fix For: 9.7 > > Attachments: screen1.png, screen2.png > > Time Spent: 4h 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17841461#comment-17841461 ] ASF subversion and git services commented on SOLR-12813: Commit 25d5f6988e9cb290ab68928c84df5eb6bc641bd0 in solr's branch refs/heads/branch_9x from Rudi Seitz [ https://gitbox.apache.org/repos/asf?p=solr.git;h=25d5f6988e9 ] SOLR-12813: subqueries should respect basic auth (#2404) Fix issue where a basic auth user principal is lost when issuing a subquery in a way that spans multiple shards: - SubQueryAugmenterFactory now passes the user principal from the main SolrQueryRequest down into each QueryRequest created for the subquery. - EmbeddedSolrServer now preserves the user principal when it transforms a SolrRequest into a SolrQueryRequest. The method that does this transformation is SolrRequestParsers.buildRequestFrom(). This method now accepts a user principal and returns a SolrQueryRequestBase that returns the same principal provided. - Co-authored-by: Eric Pugh > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > Time Spent: 2h 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17841457#comment-17841457 ] ASF subversion and git services commented on SOLR-12813: Commit 54aa923f008108c54bfa608d4770ea86b15ae291 in solr's branch refs/heads/main from Rudi Seitz [ https://gitbox.apache.org/repos/asf?p=solr.git;h=54aa923f008 ] SOLR-12813: subqueries should respect basic auth (#2404) Fix issue where a basic auth user principal is lost when issuing a subquery in a way that spans multiple shards: - SubQueryAugmenterFactory now passes the user principal from the main SolrQueryRequest down into each QueryRequest created for the subquery. - EmbeddedSolrServer now preserves the user principal when it transforms a SolrRequest into a SolrQueryRequest. The method that does this transformation is SolrRequestParsers.buildRequestFrom(). This method now accepts a user principal and returns a SolrQueryRequestBase that returns the same principal provided. - Co-authored-by: Eric Pugh > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > Time Spent: 2h 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17840607#comment-17840607 ] Rudi Seitz commented on SOLR-12813: --- Yes, this issue is about BasicAuthPlugin, configured similarly to what is described in the reference guide [here|https://solr.apache.org/guide/solr/latest/deployment-guide/basic-authentication-plugin.html#enable-basic-authentication] This ticket is basically saying that the transparent instrumentation of AuthenticationPlugin can break in some cases – specifically in the scenario of a subquery executed in a multi-shard environment. So why does it break in this particular scenario and not elsewhere? I'll try to provide more detail later, but the basic idea is that the SubQueryAgumenterFactory generates _new_ queries that do not share all the state of the incoming request. And these queries are processed using an EmbeddedSolrServer that doesn't respect the way BasicAuthPlugin is trying to be transparently instrumented. My [PR|https://github.com/apache/solr/pull/2404] shows the specific places where these problems arise and how they can be fixed. To quickly reproduce the issue described in this issue, one can apply the changes I made to TestSubQueryTransformerDistrib so that basic auth is enabled. The modified test should fail against main, without also applying the other changes in the PR that fix the underlying issue. https://github.com/apache/solr/commit/d2503ffd9a7cd58c4449c83ff940b63541fce251 > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > Time Spent: 40m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17840566#comment-17840566 ] David Smiley commented on SOLR-12813: - When using basic auth, is this a reference to BasicAuthPlugin, subclass of AuthenticationPlugin? Secondly, does anyone know why only PKIAuthenticationPlugin instruments clients AFAIK, AuthenticationPlugin (of whatever type) is instrumented transparently within Solr so that Solr code usually just-works correctly. > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > Time Spent: 40m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17837906#comment-17837906 ] Rudi Seitz commented on SOLR-12813: --- Here's a PR: https://github.com/apache/solr/pull/2404 > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > Time Spent: 10m > Remaining Estimate: 0h > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17837803#comment-17837803 ] Rudi Seitz commented on SOLR-12813: --- I have begun implementing a fix here: [https://github.com/rseitz/solr/commit/c51f038f33b21411ce5c01ccf6d9f4d17690d82b] I found two separate places where credentials are lost. First, the SubQueryAugmenterFactor never sets credentials on the subqueries that it generates. Second, when a subquery is handled by EmbeddedSolrServer, the query goes through various transformations that would drop credentials if they had been present in the first place. The code I'm sharing here fixes both issues and I've tested it manually with collection with 2 shards in a 2-node cluster. The fix only works with forwardCredentials=true. I am working on writing a unit test and creating a PR. In the meantime, I'm eager for any feedback on the proposed changes. > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[jira] [Commented] (SOLR-12813) SolrCloud + 2 shards + subquery + auth = 401 Exception
[ https://issues.apache.org/jira/browse/SOLR-12813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700579#comment-17700579 ] Jan Høydahl commented on SOLR-12813: I felt this Jira describes the issue better than SOLR-12583, so re-openening to treat this as a bug in [subquery transformer|https://solr.apache.org/guide/solr/latest/query-guide/document-transformers.html#subquery] rather than a feature request for "basic auth" support. The [subquery] transformer performs *internal* queries to other nodes by itself in a background thread, and thus auth credentials are lost. In my opinion such sub queries should either inherit the auth of original request (if {{{}forwardCredentials=true{}}}) or use PKI auth. Patches are welcome. > SolrCloud + 2 shards + subquery + auth = 401 Exception > -- > > Key: SOLR-12813 > URL: https://issues.apache.org/jira/browse/SOLR-12813 > Project: Solr > Issue Type: Bug > Components: security, SolrCloud >Affects Versions: 6.4.1, 7.5, 8.11 >Reporter: Igor Fedoryn >Priority: Major > Attachments: screen1.png, screen2.png > > > Environment: * Solr 6.4.1 > * Zookeeper 3.4.6 > * Java 1.8 > Run Zookeeper > Upload simple configuration wherein the Solr schema has fields for a > relationship between parent/child > Run two Solr instance (2 nodes) > Create the collection with 1 shard on each Solr nodes > > Add parent document to one shard and child document to another shard. > The response for: * > /select?q=ChildIdField:VALUE&fl=*,parents:[subqery]&parents.q=\{!term f=id > v=$row.ParentIdsField} > correct. > > After that add Basic Authentication with some user for collection. > Restart Solr or reload Solr collection. > If the simple request /select?q=*:* with authorization on Solr server is a > success then run previously request > with authorization on Solr server and you get the exception: "Solr HTTP > error: Unauthorized (401) " > > Screens in the attachment. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org