Intermittent BasicAuthPlugin Not Authorized

Tue, 11 Jun 2019 15:08:54 -0700 

Hello Solr Experts,
I've hit an issue with Solr and BasicAuth that is stumping me at the
moment.  We've configured a basic security.json to require BasicAuth
credentials for read/update to all collections in Solr, but we allow
un-authenticated requests to Solr admin endpoint (don't ask why).  It looks
like (but with actual encoded password & salt):
{
  "authentication":{
    "class":"solr.BasicAuthPlugin",
    "blockUnknown": false,
    "credentials":{
      "my_search_user":"searchPasswordEncoded searchPasswordSalt"
    }
  },
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[
      {"name":"read", "role":"search_user"},
      {"name":"update", "role":"search_user"}
    ],
    "user-role":{
      "my_search_user":"search_user"
    }
  }}

This works as expected *except* that we're getting intermittent 401
responses intermingled with successful searches:

192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *200* 594 1
192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *200* 594 1
192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0
192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0
192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0
192.168.0.10 - - [11/Jun/2019:00:18:16 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0
192.168.0.10 - - [11/Jun/2019:00:18:21 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *200* 594 2
192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0
192.168.0.10 - - [11/Jun/2019:00:18:28 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *200* 594 2
192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:30 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:34 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 1
192.168.0.10 - - [11/Jun/2019:00:18:37 +0000] "POST
/solr/instance_42300/select HTTP/1.1" *401* 441 0

As you can see form the logs, we're getting 401 errors mixed with 200
success responses.  We're using a shared instance of CloudSolrClient and
these requests are coming from the same AppServer JVM, and as you can see
from the above log snippet we get success and failures interleaved.  We're
using Solr 6.6.6, collections are a single shard with 2 replicas.  We are
seeing this behavior across multiple environments, each one has 2-5 Solr
instances.   Anyone see this type of behavior before?  Any insight or
thoughts on what we're doing wrong or is this a bug in Solr that I stumbled
upon....

Thanks in advance for the help!
Brian

Reply via email to