Re: Need help on Solr authorization
My guess is that you're using a self-signed cert and the certificate path
can't be verified. Either that or your cert was signed by a CA that your
JVM doesn't recognize. There's a good article about diagnosing SSL problems
here:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html
Good luck!
-Scott
On Fri, Jan 18, 2019 at 6:03 AM sathish kumar
wrote:
> Hi,
> Anyone got a chance to have a look at the issue i had posted?
> Please throw some inputs.
>
> -Sathish
>
> On Fri, 11 Jan 2019, 8:10 pm sathish kumar,
> wrote:
>
> > Hi,
> >
> > We have a two node Solr setup(version is 7.2.1) with embedded zookeeper
> > running in Solr Server 1.
> >
> > We have recently enabled SSL and also enabled basic authentication and
> > RuleBasedAuthorizationPlugin.
> >
> > As part of testing, created new user with admin role and assigned the
> > permissions "collection-admin-read" & “read” to this role.
> >
> > When I try to query a data for any collection name, the system is unable
> > to talk with shards of other server.
> >
> > I am getting the following error in both command line and Solr admin
> > browser.
> >
> > Can someone help me to identify what configurations I am missing? Let me
> > know if you need any more info.
> >
> >
> >
> > Followed this url for SSL setup:
> > https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html
> >
> > Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks
> > https://solr-node-1:8080/solr//select?q=*:*
> >
> >
> > Error:
> >
> > {
> >
> > "error":{
> >
> > "metadata":[
> >
> > "error-class","org.apache.solr.common.SolrException",
> >
> >
> >
> "root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"],
> >
> > "msg":"Error trying to proxy request for url:
> > https://solr-node-2:8080/solr/ba_test/select";,
> >
> > "trace":"org.apache.solr.common.SolrException: Error trying to proxy
> > request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat
> >
> org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat
> > org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat
> >
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat
> >
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat
> >
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat
> >
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat
> >
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat
> >
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat
> >
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat
> >
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat
> >
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat
> >
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat
> >
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat
> >
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat
> >
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat
> >
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat
> >
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
> >
> org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat
> >
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
> > org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat
> > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat
> >
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat
> > org.eclipse.jetty.io
> .AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
> > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
> >
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat
> > org.eclipse.jetty.io
> .AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
> > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
> > org.eclipse.jetty.io
> .SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat
> >
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat
> >
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat
> >
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat
> >
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n
Re: Need help on Solr authorization
Hi,
Anyone got a chance to have a look at the issue i had posted?
Please throw some inputs.
-Sathish
On Fri, 11 Jan 2019, 8:10 pm sathish kumar,
wrote:
> Hi,
>
> We have a two node Solr setup(version is 7.2.1) with embedded zookeeper
> running in Solr Server 1.
>
> We have recently enabled SSL and also enabled basic authentication and
> RuleBasedAuthorizationPlugin.
>
> As part of testing, created new user with admin role and assigned the
> permissions "collection-admin-read" & “read” to this role.
>
> When I try to query a data for any collection name, the system is unable
> to talk with shards of other server.
>
> I am getting the following error in both command line and Solr admin
> browser.
>
> Can someone help me to identify what configurations I am missing? Let me
> know if you need any more info.
>
>
>
> Followed this url for SSL setup:
> https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html
>
> Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks
> https://solr-node-1:8080/solr//select?q=*:*
>
>
> Error:
>
> {
>
> "error":{
>
> "metadata":[
>
> "error-class","org.apache.solr.common.SolrException",
>
>
>
> "root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"],
>
> "msg":"Error trying to proxy request for url:
> https://solr-node-2:8080/solr/ba_test/select";,
>
> "trace":"org.apache.solr.common.SolrException: Error trying to proxy
> request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat
> org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat
> org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
> org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
> org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
> org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
> org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n\tat
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)\n\tat
> java.lang.Thread.run(Thread.java:748)\nCaused by:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target\n\tat
> sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat
> sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)\n\tat
> sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat
> sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat
Need help on Solr authorization
Hi,
We have a two node Solr setup(version is 7.2.1) with embedded zookeeper
running in Solr Server 1.
We have recently enabled SSL and also enabled basic authentication and
RuleBasedAuthorizationPlugin.
As part of testing, created new user with admin role and assigned the
permissions "collection-admin-read" & “read” to this role.
When I try to query a data for any collection name, the system is unable to
talk with shards of other server.
I am getting the following error in both command line and Solr admin
browser.
Can someone help me to identify what configurations I am missing? Let me
know if you need any more info.
Followed this url for SSL setup:
https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html
Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks
https://solr-node-1:8080/solr//select?q=*:*
Error:
{
"error":{
"metadata":[
"error-class","org.apache.solr.common.SolrException",
"root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"],
"msg":"Error trying to proxy request for url:
https://solr-node-2:8080/solr/ba_test/select";,
"trace":"org.apache.solr.common.SolrException: Error trying to proxy
request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat
org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat
org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat
org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat
org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat
org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n\tat
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)\n\tat
java.lang.Thread.run(Thread.java:748)\nCaused by:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target\n\tat
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)\n\tat
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)\n\tat
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat
sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)\n\tat
sun.security.ssl.Handshaker.process_record(Handshaker.java:961)\n\tat
sun.securi
