[
https://issues.apache.org/jira/browse/SOLR-14569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Isabelle Giguere updated SOLR-14569:
------------------------------------
Description:
The issue was first noticed on an instance of Solr 8.5.0, after securing Solr
with security.json.
Searching on a single collection returns the expected results, but searching on
an alias returns HTTP 401.
*Note that this issue is not reproduced when the collections are created using
the _default configuration.*
The attached patch includes a unit test that reproduces the issue.
*Patch applies on master branch (9x)*: Do not include in the regular build !
The test is failing to illustrate this issue.
The unit test is added to the test class that was originally part of the patch
to fix SOLR-13510.
I also attach:
- our product-specific Solr configuration, modified to remove irrelevant
plugins and fields
- security.json with user 'admin' (pwd 'admin')
-- Note that forwardCredentials true or false does not modify the behavior
To test with this configuration:
- Download and unzip Solr 8.5.0
- Modify ./bin/solr.in.sh :
-- ZK_HOST (optional)
-- SOLR_AUTH_TYPE="basic"
-- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
- Upload security.json into Zookeeper
-- ./bin/solr zk cp file:/path/to/security.json zk:/path/to/solr/security.json
[-z <zk_host>:<zk_port>[/<solr>]]
- Start Solr in cloud mode
-- ./bin/solr -c
- Upload the provided configuration
- ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d
/path/to/folder/conf/
- Create 2 collections using the uploaded configuration
-- test1, test2
- Create an alias grouping the 2 collections
-- test = test1, test2
- Query (/select?q=*:*) one collection
-- results in successful Solr response
- Query the alias (/select?q=*:*)
-- results in HTTP 401
was:
The issue was first noticed on an instance of Solr 8.5.0, after securing Solr
with security.json.
Searching on a single collection returns the expected results, but searching on
an alias returns HTTP 401.
Note that this issue is not reproduced when the collections are created using
the _default configuration.
The attached patch includes a unit test that reproduces the issue. Patch
applies on master branch (9x).
The unit test is added to the test class that was originally part of the patch
to fix SOLR-13510.
I also attach:
- our product-specific Solr configuration, modified to remove irrelevant
plugins and fields
- security.json with user 'admin' (pwd 'admin')
-- Note that forwardCredentials true or false does not modify the behavior
To test with this configuration:
- Download and unzip Solr 8.5.0
- Modify ./bin/solr.in.sh :
-- ZK_HOST (optional)
-- SOLR_AUTH_TYPE="basic"
-- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
- Upload security.json into Zookeeper
-- ./bin/solr zk cp file:/path/to/security.json zk:/path/to/solr/security.json
[-z <zk_host>:<zk_port>[/<solr>]]
- Start Solr in cloud mode
-- ./bin/solr -c
- Upload the provided configuration
- ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d
/path/to/folder/conf/
- Create 2 collections using the uploaded configuration
-- test1, test2
- Create an alias grouping the 2 collections
-- test = test1, test2
- Query (/select?q=*:*) one collection
-- results in successful Solr response
- Query the alias (/select?q=*:*)
-- results in HTTP 401
> HTTP 401 when searching on alias in secured Solr
> ------------------------------------------------
>
> Key: SOLR-14569
> URL: https://issues.apache.org/jira/browse/SOLR-14569
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: master (9.0), 8.5
> Environment: Unit test on master branch (9x) built on Windows 10 with
> Java 11
> Solr 8.5.0 instance running on CentOS 7.7 with Java 11
> Reporter: Isabelle Giguere
> Priority: Major
> Attachments: SOLR-14569.patch, security.json, solr_conf.zip
>
>
> The issue was first noticed on an instance of Solr 8.5.0, after securing Solr
> with security.json.
> Searching on a single collection returns the expected results, but searching
> on an alias returns HTTP 401.
> *Note that this issue is not reproduced when the collections are created
> using the _default configuration.*
> The attached patch includes a unit test that reproduces the issue.
> *Patch applies on master branch (9x)*: Do not include in the regular build !
> The test is failing to illustrate this issue.
> The unit test is added to the test class that was originally part of the
> patch to fix SOLR-13510.
> I also attach:
> - our product-specific Solr configuration, modified to remove irrelevant
> plugins and fields
> - security.json with user 'admin' (pwd 'admin')
> -- Note that forwardCredentials true or false does not modify the behavior
> To test with this configuration:
> - Download and unzip Solr 8.5.0
> - Modify ./bin/solr.in.sh :
> -- ZK_HOST (optional)
> -- SOLR_AUTH_TYPE="basic"
> -- SOLR_AUTHENTICATION_OPTS="-Dbasicauth=admin:admin"
> - Upload security.json into Zookeeper
> -- ./bin/solr zk cp file:/path/to/security.json
> zk:/path/to/solr/security.json [-z <zk_host>:<zk_port>[/<solr>]]
> - Start Solr in cloud mode
> -- ./bin/solr -c
> - Upload the provided configuration
> - ./bin/solr zk upconfig -z <zk_host>:<zk_port>[/<solr>] -n conf_en -d
> /path/to/folder/conf/
> - Create 2 collections using the uploaded configuration
> -- test1, test2
> - Create an alias grouping the 2 collections
> -- test = test1, test2
> - Query (/select?q=*:*) one collection
> -- results in successful Solr response
> - Query the alias (/select?q=*:*)
> -- results in HTTP 401
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
