lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-11959) CDCR unauthorized to replicate to a target collection that is update protected in security.json
Date Fri, 10 May 2019 06:21:00 GMT


Jan Høydahl commented on SOLR-11959:

Thanks for working on this :) I agree that we cannot have custom code in PKI for every plugin
that wants to use it. So it would be better to try to force CDCR into using a "solr thread
pool" for its communication in such a way that the existing code in path will classify it
as a request that needs the header. Or it is OK to introduce another additional way of detecting
need for header as you have begun, if that is a generic mechanism that is documented for other
components to use as well. Wdyt?

> CDCR unauthorized to replicate to a target collection that is update protected in security.json
> -----------------------------------------------------------------------------------------------
>                 Key: SOLR-11959
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, CDCR
>    Affects Versions: 7.2
>            Reporter: Donny Andrews
>            Priority: Major
>         Attachments: SOLR-11959.patch, SOLR-11959.patch
> Steps to reproduce: 
>  # Create a source and a target collection in their respective clusters. 
>  # Update security.json to require a non-admin role to read and write. 
>  # Index to source collection 
> Expected: 
> The target collection should receive the update
> Actual:
> {code:java}
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server
at http://redacted/solr/redacted: Expected mime type application/octet-stream but got text/html.
>  <head>
>  <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
>  <title>Error 401 Unauthorized request, Response code: 401</title>
>  </head>
>  <body><h2>HTTP ERROR 401</h2>
>  <p>Problem accessing /solr/redacted/update. Reason:
>  <pre> Unauthorized request, Response code: 401</pre></p>
>  </body>
>  </html>at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(
>  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(
>  at org.apache.solr.client.solrj.impl.HttpSolrClient.request(
>  at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(
>  at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(
>  at org.apache.solr.client.solrj.impl.CloudSolrClient.request(
>  at org.apache.solr.client.solrj.SolrRequest.process(
>  at org.apache.solr.client.solrj.SolrRequest.process(
>  at org.apache.solr.handler.CdcrReplicator.sendRequest(
>  at
>  at org.apache.solr.handler.CdcrReplicatorScheduler.lambda$null$0(
>  at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(
>  at java.util.concurrent.ThreadPoolExecutor$
>  at{code}

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message