[SOLR-16955] Tracing v2 apis breaks SecurityConfHandler - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 9.4
Component/s: tracing
Labels:
None

Description

Tracing for v2 apis will eagerly consume the contentstream to find a good name for the span. the assumption here is that the operations are cached so the stream ca be consumed early, but that is not the case for the SecurityConfHandler and possibly other parts of the code.

With tracing enabled you cannot add a user, a role, etc. Admin UI Security is broken too.

The clash is between

V2HttpCall solrReq.getCommands

SecurityConfHandler CommandOperation.readCommands(req.getContentStreams()..)

relevant stacktrace

2023-08-29 19:13:57.591 INFO  (qtp605101809-21) [t:750564258779a1605867f784ee33f78a] o.a.s.s.HttpSolrCall [admin] webapp=null path=/cluster/security/authorization params={wt=json&_=1693361587976} status=0 QTime=0
2023-08-29 19:13:57.613 ERROR (qtp605101809-27) [t:b3ab14d057a292fb71ac727c5d871156] o.a.s.h.RequestHandlerBase Server exception => java.lang.RuntimeException: The JSON must be an Object of the form {"command": {...},...
	at org.apache.solr.common.util.CommandOperation.parse(CommandOperation.java:275)
java.lang.RuntimeException: The JSON must be an Object of the form {"command": {...},...
	at org.apache.solr.common.util.CommandOperation.parse(CommandOperation.java:275) ~[?:?]
	at org.apache.solr.common.util.CommandOperation.readCommands(CommandOperation.java:354) ~[?:?]
	at org.apache.solr.common.util.CommandOperation.readCommands(CommandOperation.java:327) ~[?:?]
	at org.apache.solr.handler.admin.SecurityConfHandler.doEdit(SecurityConfHandler.java:116) ~[?:?]
	at org.apache.solr.handler.admin.SecurityConfHandler.handleRequestBody(SecurityConfHandler.java:89) ~[?:?]
	at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:224) ~[?:?]
	at org.apache.solr.api.ApiBag$ReqHandlerToApi.call(ApiBag.java:362) ~[?:?]
	at org.apache.solr.api.V2HttpCall.handleAdmin(V2HttpCall.java:438) ~[?:?]
	at org.apache.solr.servlet.HttpSolrCall.handleAdminRequest(HttpSolrCall.java:870) ~[?:?]
	at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:539) ~[?:?]
	at org.apache.solr.servlet.SolrDispatchFilter.dispatch(SolrDispatchFilter.java:248) ~[?:?]
	at org.apache.solr.servlet.SolrDispatchFilter.lambda$doFilter$0(SolrDispatchFilter.java:215) ~[?:?]
	at org.apache.solr.servlet.ServletUtils.traceHttpRequestExecution2(ServletUtils.java:241) ~[?:?]
	at org.apache.solr.servlet.ServletUtils.rateLimitRequest(ServletUtils.java:211) ~[?:?]
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:209) ~[?:?]
	at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:192) ~[?:?]

I ran into this a few times and could not pinpoint it until now. the reason this does not trigger on the alway-on tracer is that this is hidden behind a 'TraceUtils.ifNotNoop' check.

Also, I think this might be a problem on 9.x too, not completely sure yet.

Attachments

Issue Links

links to

https://github.com/apache/solr/pull/1884

Activity

People

Assignee:: Alex Deparvu

Reporter:: Alex Deparvu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 30/Aug/23 02:18

Updated:: 15/Oct/23 20:13

Resolved:: 06/Sep/23 23:13