[ https://issues.apache.org/jira/browse/SOLR-11959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16836929#comment-16836929 ] Jan Høydahl commented on SOLR-11959: ------------------------------------ Thanks for working on this :) I agree that we cannot have custom code in PKI for every plugin that wants to use it. So it would be better to try to force CDCR into using a "solr thread pool" for its communication in such a way that the existing code in path will classify it as a request that needs the header. Or it is OK to introduce another additional way of detecting need for header as you have begun, if that is a generic mechanism that is documented for other components to use as well. Wdyt? > CDCR unauthorized to replicate to a target collection that is update protected in security.json > ----------------------------------------------------------------------------------------------- > > Key: SOLR-11959 > URL: https://issues.apache.org/jira/browse/SOLR-11959 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication, CDCR > Affects Versions: 7.2 > Reporter: Donny Andrews > Priority: Major > Attachments: SOLR-11959.patch, SOLR-11959.patch > > > Steps to reproduce:  > # Create a source and a target collection in their respective clusters.  > # Update security.json to require a non-admin role to read and write.  > # Index to source collection  > Expected:  > The target collection should receive the update > Actual: > {code:java} > org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://redacted/solr/redacted: Expected mime type application/octet-stream but got text/html. > > > Error 401 Unauthorized request, Response code: 401 > >

HTTP ERROR 401

>

Problem accessing /solr/redacted/update. Reason: >

 Unauthorized request, Response code: 401

> > at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:607) > at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:255) > at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:244) > at org.apache.solr.client.solrj.impl.LBHttpSolrClient.doRequest(LBHttpSolrClient.java:483) > at org.apache.solr.client.solrj.impl.LBHttpSolrClient.request(LBHttpSolrClient.java:413) > at org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1103) > at org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:883) > at org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:816) > at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:194) > at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:211) > at org.apache.solr.handler.CdcrReplicator.sendRequest(CdcrReplicator.java:140) > at org.apache.solr.handler.CdcrReplicator.run(CdcrReplicator.java:104) > at org.apache.solr.handler.CdcrReplicatorScheduler.lambda$null$0(CdcrReplicatorScheduler.java:81) > at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:188) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748){code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org