lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (SOLR-8422) Basic Authentication plugin is not working correctly in solrcloud
Date Mon, 08 Feb 2016 22:36:40 GMT


ASF subversion and git services commented on SOLR-8422:

Commit 9ef144ddefe21f30c1c9ebd5246e7e03387488e1 in lucene-solr's branch refs/heads/branch_5_4
from [~jpountz]
[;h=9ef144d ]

SOLR-8460, SOLR-8373, SOLR-8422, SOLR-7462, SOLR-8470: Add CHANGES entries for 5.4.1.

git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68

> Basic Authentication plugin is not working correctly in solrcloud
> -----------------------------------------------------------------
>                 Key: SOLR-8422
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: 5.3.1
>         Environment: Solrcloud
>            Reporter: Nirmala Venkatraman
>            Assignee: Noble Paul
>             Fix For: 5.3.2, 5.5, Trunk, 5.4.1
>         Attachments: SOLR-8422.patch
> Iam seeing a problem with basic auth on Solr5.3.1 . We have 5 node solrcloud with basic
auth configured on sgdsolar1/2/3/4/7 , listening on port 8984.  We have 64 collections, each
having 2 replicas distributed across the 5 servers in the solr cloud. A sample screen shot
of the collections/shard locations shown below:-
> Step 1 - Our solr indexing tool sends a request  to say any one of the  solr servers
in the solrcloud and the request is sent to a server  which  doesn't have the collection
> Here is the request sent by the indexing tool  to sgdsolar1, that includes the correct
BasicAuth credentials
> Step2 - Now sgdsolar1 routes  the request to sgdsolar2 that has the collection1, but
no basic auth header is being passed. 
> As a results sgdsolar2 throws a 401 error back to source server sgdsolar1 and all the
way back to solr indexing tool
> - - [15/Dec/2015:00:45:18 +0000] "GET /solr/collection1/get?_route_=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!&ids=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!08D9EACCA5AE663400257EB6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!9057B828F841C41F00257EB6005A7421,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!F3FB9305A00A0E1200257EB6005AAA99,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!E9815A6F3CBC3D0E00257EB6005ACA02,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!FEB43AC9F648AFC500257EB6005AE4EB,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!4CF37E73A18F9D9F00257E590016CBD9,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!61D5457FEA1EBE5C00257E5900188729,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!6B0D89B9A7EEBC4600257E590019CEDA,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!360B9B52D9C6DFE400257EB2007FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!D86D4CED01F66AF300257EB2008305A4&fl=unid,sequence,folderunid&wt=xml&rows=10
HTTP/1.1" 401 366
> 2015-12-15 00:45:18.112 INFO  (qtp1214753695-56) [c:collection1 s:shard1 r:core_node1
x:collection1_shard1_replica1] o.a.s.s.RuleBasedAuthorizationPlugin request has come without
principal. failed permission$Permission@5ebe8fca
> 2015-12-15 00:45:18.113 INFO  (qtp1214753695-56) [c:collection1 s:shard1 r:core_node1
x:collection1_shard1_replica1] o.a.s.s.HttpSolrCall USER_REQUIRED auth header null context
: userPrincipal: [null] type: [READ], collections: [collection1,], Path: [/get] path : /get
params :fl=unid,sequence,folderunid&ids=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!08D9EACCA5AE663400257EB6005A5CFF,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!9057B828F841C41F00257EB6005A7421,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!F3FB9305A00A0E1200257EB6005AAA99,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!E9815A6F3CBC3D0E00257EB6005ACA02,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!FEB43AC9F648AFC500257EB6005AE4EB,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!4CF37E73A18F9D9F00257E590016CBD9,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!61D5457FEA1EBE5C00257E5900188729,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!6B0D89B9A7EEBC4600257E590019CEDA,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!360B9B52D9C6DFE400257EB2007FCD8B,Q049c2dkbWFpbDMwL089U0dfVVMx20093510!D86D4CED01F66AF300257EB2008305A4&rows=10&wt=xml&_route_=Q049c2dkbWFpbDMwL089U0dfVVMx20093510!
> Step 3 - In another solrcloud , if the indexing tool sends the solr get request to the
server that has the collection1, I see that basic authentication working as expected.
> I double checked and see both sgdsolar1/sgdsolar2 servers have the patched solr-core
and solr-solrj jar files under the solr-webapp folder that were provided via earlier patches
that Anshum/Noble worked on:-
> SOLR-8167 fixes the POST issue 
> SOLR-8326  fixing PKIAuthenticationPlugin.
> SOLR-8355

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message