Hello Solr Experts, I've hit an issue with Solr and BasicAuth that is stumping me at the moment. We've configured a basic security.json to require BasicAuth credentials for read/update to all collections in Solr, but we allow un-authenticated requests to Solr admin endpoint (don't ask why). It looks like (but with actual encoded password & salt): { "authentication":{ "class":"solr.BasicAuthPlugin", "blockUnknown": false, "credentials":{ "my_search_user":"searchPasswordEncoded searchPasswordSalt" } }, "authorization":{ "class":"solr.RuleBasedAuthorizationPlugin", "permissions":[ {"name":"read", "role":"search_user"}, {"name":"update", "role":"search_user"} ], "user-role":{ "my_search_user":"search_user" } }}
This works as expected *except* that we're getting intermittent 401 responses intermingled with successful searches: 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST /solr/instance_42300/select HTTP/1.1" *200* 594 1 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST /solr/instance_42300/select HTTP/1.1" *200* 594 1 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 192.168.0.10 - - [11/Jun/2019:00:18:16 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 192.168.0.10 - - [11/Jun/2019:00:18:21 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST /solr/instance_42300/select HTTP/1.1" *200* 594 2 192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 192.168.0.10 - - [11/Jun/2019:00:18:28 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST /solr/instance_42300/select HTTP/1.1" *200* 594 2 192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:30 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:34 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 1 192.168.0.10 - - [11/Jun/2019:00:18:37 +0000] "POST /solr/instance_42300/select HTTP/1.1" *401* 441 0 As you can see form the logs, we're getting 401 errors mixed with 200 success responses. We're using a shared instance of CloudSolrClient and these requests are coming from the same AppServer JVM, and as you can see from the above log snippet we get success and failures interleaved. We're using Solr 6.6.6, collections are a single shard with 2 replicas. We are seeing this behavior across multiple environments, each one has 2-5 Solr instances. Anyone see this type of behavior before? Any insight or thoughts on what we're doing wrong or is this a bug in Solr that I stumbled upon.... Thanks in advance for the help! Brian