lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amrit Sarkar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-11959) CDCR unauthorized to replicate to a target collection that is update protected in security.json
Date Mon, 29 Apr 2019 21:01:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-11959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16829715#comment-16829715
] 

Amrit Sarkar commented on SOLR-11959:
-------------------------------------

Thanks, Jan. I see the direction. 

Can we utilize JWTAuthPlugin (JWT basically) solely (written by you, and I was reading it
to understand how auth works overall in Solr) to have secure communication cross clusters?
And what's needed outside of it is just to have network access (ports open) to respective
zookeeper and Solr ports (which are already part of instructions).

I am not yet done with understanding the Auth module of Solr, and may suggest something doesn't
make sense.

> CDCR unauthorized to replicate to a target collection that is update protected in security.json
> -----------------------------------------------------------------------------------------------
>
>                 Key: SOLR-11959
>                 URL: https://issues.apache.org/jira/browse/SOLR-11959
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, CDCR
>    Affects Versions: 7.2
>            Reporter: Donny Andrews
>            Priority: Major
>         Attachments: SOLR-11959.patch
>
>
> Steps to reproduce: 
>  # Create a source and a target collection in their respective clusters. 
>  # Update security.json to require a non-admin role to read and write. 
>  # Index to source collection 
> Expected: 
> The target collection should receive the update
> Actual:
> {code:java}
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server
at http://redacted/solr/redacted: Expected mime type application/octet-stream but got text/html.
<html>
>  <head>
>  <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>  <title>Error 401 Unauthorized request, Response code: 401</title>
>  </head>
>  <body><h2>HTTP ERROR 401</h2>
>  <p>Problem accessing /solr/redacted/update. Reason:
>  <pre> Unauthorized request, Response code: 401</pre></p>
>  </body>
>  </html>at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:607)
>  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:255)
>  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:244)
>  at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:483)
>  at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:413)
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1103)
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:883)
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:816)
>  at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:194)
>  at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:211)
>  at org.apache.solr.handler.CdcrReplicator.sendRequest(CdcrReplicator.java:140)
>  at org.apache.solr.handler.CdcrReplicator.run(CdcrReplicator.java:104)
>  at org.apache.solr.handler.CdcrReplicatorScheduler.lambda$null$0(CdcrReplicatorScheduler.java:81)
>  at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:188)
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748){code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message