lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SOLR-11904) IndexFetcher Http client requests are unauthenticated
Date Tue, 23 Apr 2019 12:53:00 GMT

     [ https://issues.apache.org/jira/browse/SOLR-11904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Høydahl updated SOLR-11904:
-------------------------------
    Labels: BasicAuth Security  (was: )

> IndexFetcher Http client requests are unauthenticated
> -----------------------------------------------------
>
>                 Key: SOLR-11904
>                 URL: https://issues.apache.org/jira/browse/SOLR-11904
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, replication (java), SolrCloud
>    Affects Versions: 7.2
>         Environment: Three servers on solrcloud. One collection with 2 shards and 3 tlog
replicas on each shard.
>            Reporter: Kyriacos Christoudias
>            Priority: Major
>              Labels: BasicAuth, Security
>
> Whenever the IndexFetcher class is called for recovery or replication the HTTP requests
are unauthenticated resulting in 401 errors:
>  
> {code:java}
> 2018-01-25 13:16:22.538 WARN  (indexFetcher-25-thread-1) [c:myCollection s:shard1 r:core_node3
x:myCollection_shard1_replica_t1] o.a.s.h.IndexFetcher Master at: http://server1:8983/solr/myCollection_shard1_replica_t4/
is not available. Index fetch failed by exception: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
Error from server at http://server1:8983/solr/myCollection_shard1_replica_t4: Expected mime
type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 Unauthorized request, Response code: 401</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/myCollection_shard1_replica_t4/replication. Reason:
> <pre>    Unauthorized request, Response code: 401</pre></p>
> </body>
> </html>
> {code}
>  
> I checked the source code and before creating a new HTTP client in IndexFetcher it tries
to get http auth user/password from initArgs but those properties are always null, event if
I set them in the replication handler (under the slave tag).
>  
> {code:java}
>  <lst name="slave">
> <str name="masterUrl">http://remote_host:port/solr/core_name/replication</str>
>  <str name="httpBasicAuthUser">username</str>
> <str name="httpBasicAuthPassword">password</str>
> </lst>
> {code}
>   
> I downloaded the solr source code and entered the username and password hardcoded, compiled
the jar and everything was working fine. Before this I used the logger to check the httpBasicAuthUser/httpBasicAuthPassword
and whenever IndexFetcher was called for recovery or replication these fields were null.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message