Basic auth on SolrCloud /admin/* calls

Thu, 28 Mar 2013 17:43:40 -0700 

Hey guys,

I've recently setup basic auth under Jetty 8 for all my Solr 4.x '/admin/*' 
calls, in order to protect my Collections and Cores API.

Although the security constraint is working as expected ('/admin/*' calls 
require Basic Auth or return 401), when I use the Collections API to create a 
collection, I receive a 200 OK to the Collections API CREATE call, but the 
background Cores API calls that are ran on the Collection API's behalf fail on 
the Basic Auth on other nodes with a 401 code, as I should have foreseen, but 
didn't.

Is there a way to tell SolrCloud to use authentication on internal Cores API 
calls that are spawned on Collections API's behalf, or is this a new feature 
request?

To reproduce:

1.       Implement basic auth on '/admin/*' URIs.

2.       Perform a CREATE Collections API call to a node (which will return 200 
OK).

3.       Notice all Cores API calls fail (Collection isn't created). See stack 
trace below from the node that was issued the CREATE call.

The stack trace I get is:

"org.apache.solr.common.SolrException: Server at http://<HOST 
HERE>:8983/solr<http://%3cHOST%20HERE%3e:8983/solr> returned non ok status:401, 
message:Unauthorized
at 
org.apache.solr.client.solrj.impl.HttpSolrServer.request(HttpSolrServer.java:373)
at 
org.apache.solr.client.solrj.impl.HttpSolrServer.request(HttpSolrServer.java:181)
at 
org.apache.solr.handler.component.HttpShardHandler$1.call(HttpShardHandler.java:169)
at 
org.apache.solr.handler.component.HttpShardHandler$1.call(HttpShardHandler.java:135)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)"

Cheers!

Tim

Reply via email to