Thanks Erick, I had read thru https://issues.apache.org/jira/browse/SOLR-13510 earlier today but it seemed specific to Solr 8 as Colvin Cowie wasn't able to reproduce on 7.7.0 or 7.7.1. I am going to see if the 'forwardCredentials' workaround resolves this for 6.6.6, fingers crossed.... Brian
On Tue, Jun 11, 2019 at 3:33 PM Erick Erickson <erickerick...@gmail.com> wrote: > Looks like: https://issues.apache.org/jira/browse/SOLR-13510 > > > On Jun 11, 2019, at 3:08 PM, Brian Lininger <brian.linin...@veeva.com> > wrote: > > > > Hello Solr Experts, > > I've hit an issue with Solr and BasicAuth that is stumping me at the > > moment. We've configured a basic security.json to require BasicAuth > > credentials for read/update to all collections in Solr, but we allow > > un-authenticated requests to Solr admin endpoint (don't ask why). It > looks > > like (but with actual encoded password & salt): > > { > > "authentication":{ > > "class":"solr.BasicAuthPlugin", > > "blockUnknown": false, > > "credentials":{ > > "my_search_user":"searchPasswordEncoded searchPasswordSalt" > > } > > }, > > "authorization":{ > > "class":"solr.RuleBasedAuthorizationPlugin", > > "permissions":[ > > {"name":"read", "role":"search_user"}, > > {"name":"update", "role":"search_user"} > > ], > > "user-role":{ > > "my_search_user":"search_user" > > } > > }} > > > > This works as expected *except* that we're getting intermittent 401 > > responses intermingled with successful searches: > > > > 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *200* 594 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *200* 594 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:11 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > 192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > 192.168.0.10 - - [11/Jun/2019:00:18:15 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > 192.168.0.10 - - [11/Jun/2019:00:18:16 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > 192.168.0.10 - - [11/Jun/2019:00:18:21 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:25 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *200* 594 2 > > 192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:27 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > 192.168.0.10 - - [11/Jun/2019:00:18:28 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *200* 594 2 > > 192.168.0.10 - - [11/Jun/2019:00:18:29 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:30 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:34 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 1 > > 192.168.0.10 - - [11/Jun/2019:00:18:37 +0000] "POST > > /solr/instance_42300/select HTTP/1.1" *401* 441 0 > > > > As you can see form the logs, we're getting 401 errors mixed with 200 > > success responses. We're using a shared instance of CloudSolrClient and > > these requests are coming from the same AppServer JVM, and as you can see > > from the above log snippet we get success and failures interleaved. > We're > > using Solr 6.6.6, collections are a single shard with 2 replicas. We are > > seeing this behavior across multiple environments, each one has 2-5 Solr > > instances. Anyone see this type of behavior before? Any insight or > > thoughts on what we're doing wrong or is this a bug in Solr that I > stumbled > > upon.... > > > > Thanks in advance for the help! > > Brian > > -- *Brian Lininger* Technical Architect, Infrastructure & Search *Veeva Systems * brian.linin...@veeva.com www.veeva.com *This email and the information it contains are intended for the intended recipient only, are confidential and may be privileged information exempt from disclosure by law.* *If you have received this email in error, please notify us immediately by reply email and delete this message from your computer.* *Please do not retain, copy or distribute this email.*