Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
7.7.3, 8.7, 8.8.1
-
None
Description
Issue confirmed for 7.7.3, 8.7 and 8.8.1.
Steps to reproduce are:
1. Following the docs for setting up distributed search (https://solr.apache.org/guide/8_8/distributed-search-with-index-sharding.html).
1.1 Stop both nodes after confirming that distributed search works without basic auth (last step).
2. Enable basic authentication plugin for both nodes, example for node1 example/nodes/node1/security.json:
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="},
"realm":"My Solr users",
"forwardCredentials": false
}}
3. Configure shardsWhitelist in solr.xml for both nodes, example for node1 example/nodes/node1/solr.xml
<shardHandlerFactory name="shardHandlerFactory"
class="HttpShardHandlerFactory">
<int name="socketTimeout">${socketTimeout:600000}</int>
<int name="connTimeout">${connTimeout:60000}</int>
<str name="shardsWhitelist">localhost:8984,localhost:8985</str>
</shardHandlerFactory>
4. Start both nodes.
5. Confirm that searching on one node with basic auth works with curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&wt=xml&indent=true"
6. Confirm that searching on both nodes does not work with curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=:&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
Error:
❯ curl --user solr:SolrRocks "http://localhost:8984/solr/core1/select?q=*:*&indent=true&shards=localhost:8985/solr/core1,localhost:8984/solr/core1&fl=id,name&wt=xml"
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader">
<int name="status">401</int>
<int name="QTime">173</int>
<lst name="params">
<str name="q">*:*</str>
<str name="shards">localhost:8985/solr/core1,localhost:8984/solr/core1</str>
<str name="indent">true</str>
<str name="fl">id,name</str>
<str name="wt">xml</str>
</lst>
</lst>
<lst name="error">
<lst name="metadata">
<str name="error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
<str name="root-error-class">org.apache.solr.client.solrj.impl.BaseHttpSolrClient$RemoteSolrException</str>
</lst>
<str name="msg">Error from server at null: Expected mime type application/octet-stream but got text/html. <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 require authentication</title>
</head>
<body><h2>HTTP ERROR 401 require authentication</h2>
<table>
<tr><th>URI:</th><td>/solr/core1/select</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>require authentication</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table>
</body>
</html>
</str>
<int name="code">401</int>
</lst>
</response>
See also SOLR-14569 that seems similar, but the patch provided does not help after I applied it to 8.8.1, therefore I think this is not the same issue.
Adjust priority as necessary. For cases where basic auth is required this means we cannot use Solr as of now.
Attachments
Issue Links
- is duplicated by
-
-
- Resolved
-
-
-
- Resolved
-