From "Ishan Chattopadhyaya (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8355) RuleBasedAuthenticationPlugin doesn't work with update permission enabled
Date Tue, 01 Dec 2015 11:44:10 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15033550#comment-15033550 ]

Ishan Chattopadhyaya commented on SOLR-8355:
--------------------------------------------

bq. Nailed the issue, RecoveryStrategy creates its own httpclient.
The RecoveryStrategy.commitOnLeader() creates a HttpSolrClient, which in turn creates its
own HttpClient using HttpClientUtil.createClient(). If this is a problem, are all places where
a HttpSolrClient is created for intershard communication affected by this problem?

For example, LeaderInitiatedRecoveryThread.sendRecoveryCommandWithRetry() also creates its
own HttpSolrClient. Other places where HttpSolrClient is created are: SnitchContext, OCMH,
OverseerAutoReplicaFailoverThread, SyncStrategy, CollectionsHandler etc.

Do you think we should do something with the HttpClientUtil.createClient() to return a HttpClient
which passes on the PKI headers?

> RuleBasedAuthenticationPlugin doesn't work with update permission enabled
> -------------------------------------------------------------------------
>
>                 Key: SOLR-8355
>                 URL: https://issues.apache.org/jira/browse/SOLR-8355
>             Project: Solr
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 5.3, 5.3.1
>            Reporter: Anshum Gupta
>            Assignee: Noble Paul
>            Priority: Blocker
>              Labels: authorization-plugin
>             Fix For: 5.4
>
>
> Here are the steps that recreate this issue. I tried this on Solr 5.4 and I had the following
> stack trace when I issued an ADDREPLICA. This seems pretty similar to what we saw on SOLR-8326
> so it might be just something we missed but we should make sure that we ship 5.4 with this
> fixed.
> #Upload Security Conf
> server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile /security.json ~/security.json
> #Start Solr
> bin/solr start -e cloud -z localhost:2181
> #Collection Admin Edit Command:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
> #Read User and permission:
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"read", "role":"read"}}'
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"update", "role":"update"}}'
> #Add Users
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}'
> #Update user
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user" : {"solrupdate":"solrRocks"}}'
> #Set user roles
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-user-role" : {"solrupdate":["read","update"]}}'
> #Read User
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}'
> #Create collection
> curl --user solr:SolrRocks 'http://localhost:8983/solr/admin/collections?action=CREATE&name=a&numShards=1&replicationFactor=1&collection.configName=gettingstarted&wt=json'
> #Add Replica
> curl --user solr:SolrRocks 'http://localhost:8983/solr/admin/collections?action=ADDREPLICA&collection=a&shard=shard1&wt=json'
> Exception log:
> INFO  - 2015-12-01 04:57:47.022; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Starting Replication Recovery.
> INFO  - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/.
> ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying to recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
> <title>Error 401 Unauthorized request, Response code: 401</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/a_shard1_replica1/update. Reason:
> <pre>    Unauthorized request, Response code: 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
> </body>
> </html>
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542)
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:240)
> 	at org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:229)
> 	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:150)
> 	at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:167)
> 	at org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205)
> 	at org.apache.solr.cloud.RecoveryStrategy.replicate(RecoveryStrategy.java:145)
> 	at org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:436)
> 	at org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:225)
> INFO  - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.update.UpdateLog; Dropping buffered updates FSUpdateLog{state=BUFFERING, tlog=null}
> ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Recovery failed - trying again... (4)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
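
An added example, not part of the original message or of Solr's code: a log check for the failure pattern discussed in this thread, where a node's own outbound request is rejected with 401 by a peer, reporting which internal code path built the request. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
# Constructed sample: records taken from the log quoted in the issue, one per line.
SAMPLE_LOG = """\
INFO  - 2015-12-01 04:57:47.023; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Attempting to replicate from http://172.20.10.4:7574/solr/a_shard1_replica1/.
ERROR - 2015-12-01 04:57:47.027; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.common.SolrException; Error while trying to recover:org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://172.20.10.4:7574/solr/a_shard1_replica1: Expected mime type application/octet-stream but got text/html. <html>
<title>Error 401 Unauthorized request, Response code: 401</title>
<p>Problem accessing /solr/a_shard1_replica1/update. Reason:
\tat org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:542)
\tat org.apache.solr.cloud.RecoveryStrategy.commitOnLeader(RecoveryStrategy.java:205)
ERROR - 2015-12-01 04:57:47.028; [c:a s:shard1 r:core_node2 x:a_shard1_replica2] org.apache.solr.cloud.RecoveryStrategy; Recovery failed - trying again... (4)
"""

HEADER = re.compile(r"^(?P<level>[A-Z]+)\s+- (?P<ts>[\d-]+ [\d:.]+); "
                    r"\[(?P<ctx>[^\]]*)\] (?P<logger>[\w.$]+); ?(?P<msg>.*)$")
SERVER = re.compile(r"Error from server at (\S+?):\s")
PATH = re.compile(r"Problem accessing (\S+?)\. ")
# First stack frame outside the SolrJ client: the code that built the request.
CALLER = re.compile(r"^\s*at (org\.apache\.solr\.(?!client\.)[\w.$]+)\(", re.M)

def parse_records(text):
    """Group continuation lines (HTML body, stack frames) under their log header."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["ctx"] = dict(kv.split(":", 1) for kv in rec["ctx"].split())
            records.append(rec)
        elif records:
            records[-1]["msg"] += "\n" + line
    return records

def internode_auth_failures(text):
    """Return one finding per ERROR record in which a peer node answered 401."""
    findings = []
    for rec in parse_records(text):
        msg = rec["msg"]
        if rec["level"] != "ERROR" or "Response code: 401" not in msg:
            continue
        server, path, caller = (p.search(msg) for p in (SERVER, PATH, CALLER))
        findings.append({"time": rec["ts"], "core": rec["ctx"].get("x"),
                         "peer": server and server.group(1),
                         "path": path and path.group(1),
                         "caller": caller and caller.group(1)})
    return findings

if __name__ == "__main__":
    for finding in internode_auth_failures(SAMPLE_LOG):
        print(finding)
```

Grouping the findings by `caller` across a cluster's logs shows which of the client-creating code paths named in the comment are actually producing unauthenticated inter-node requests.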
