Hi Byzen, To begin with, seems like you didn't add a user for the groups/roles you have defined above in your security.json. You would need to do so in order to be able to send acceptable read/update requests.
In addition, there were a couple of known issues that were reported and fixed and you're hitting those. Those fixes would be released with the upcoming Solr 5.4. Here are the links to those issues: https://issues.apache.org/jira/browse/SOLR-8326 https://issues.apache.org/jira/browse/SOLR-8355 If you still want to just apply patches to 5.3.1 instead of a complete upgrade, I suggest you apply patches from those 2 issues plus from the commit on issue SOLR-8167. -Anshum On Thu, Nov 19, 2015 at 4:21 PM, Byzen Ma <mabaizh...@126.com> wrote: > Hi, I'm not quite familar with security.json. I want to achieve these > implementations. (1)Anyone who wants to do read/select/query action should > be required passwd and username, namely authentication, no matter from > Admin > UI and solrj, especially from Admin UI! For I need to restrict strangers to > reach my solr. (2)Anyone who wants to update, includes delete, create and > so > on, also needs passwd and username same as (1). I config the security.json > as follows: > > > > { > > "authentication":{ > > "class":"solr.BasicAuthPlugin", > > "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= > Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}}, > > "authorization":{ > > "class":"solr.RuleBasedAuthorizationPlugin", > > "user-role":{"solr":"admin"}, > > "permissions":[ > > { > > "name":"security-edit", > > "role":"admin"}, > > { > > "name":"read", > > "role":"admin"}, > > { > > "name":"update", > > "role":"admin"}], > > "":{"v":3}}} > > > > However, it does't work! More than that, an error happened again and again > when node2 recover from node1. I start my solrcloud by commandLine with > "solr start -e cloud" and set all the configs as default. How can I set the > security.json to achieve my goals? Here are the server logs: > > > > ERROR (RecoveryThread-gettingstarted_shard2_replica2) [c:gettingstarted > s:shard2 r:core_node2 x:gettingstarted_shard2_replica2] > o.a.s.c.RecoveryStrategy Error while trying to > > recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException > : Error from server at > http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime > type > application/octet-stream but got text/html. <html> > > <head> > > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> > > <title>Error 401 Unauthorized request, Response code: 401</title> > > </head> > > <body><h2>HTTP ERROR 401</h2> > > <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason: > > <pre> Unauthorized request, Response code: > 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> > > > > </body> > > </html> > > > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien > t.java:528) > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java > :234) > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java > :226) > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135) > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152) > > at > > org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java: > 207) > > at > org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147) > > at > > org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437) > > at > org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227) > > Error while trying to > > recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException > : Error from server at > http://(myhost):7574/solr/gettingstarted_shard2_replica1: Expected mime > type > application/octet-stream but got text/html. <html> > > <head> > > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> > > <title>Error 401 Unauthorized request, Response code: 401</title> > > </head> > > <body><h2>HTTP ERROR 401</h2> > > <p>Problem accessing /solr/gettingstarted_shard2_replica1/update. Reason: > > <pre> Unauthorized request, Response code: > 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> > > > > </body> > > </html> > > > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClien > t.java:528) > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java > :234) > > at > > org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java > :226) > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135) > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:152) > > at > > org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java: > 207) > > at > org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:147) > > at > > org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:437) > > at > org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:227) > > 1531614 ERROR (qtp5264648-21) [c:gettingstarted s:shard1 r:core_node1 > x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not > find: /configs/gettingstarted/admin-extra.menu-top.html > > 1531614 ERROR (qtp5264648-16) [c:gettingstarted s:shard1 r:core_node1 > x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not > find: /configs/gettingstarted/admin-extra.menu-bottom.html > > 1531661 ERROR (qtp5264648-14) [c:gettingstarted s:shard1 r:core_node1 > x:gettingstarted_shard1_replica2] o.a.s.h.a.ShowFileRequestHandler Can not > find: /configs/gettingstarted/admin-extra.html > > ...... > > > > Kind regards, > > Byzen Ma > > -- Anshum Gupta