[
https://issues.apache.org/jira/browse/SOLR-16197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537275#comment-17537275
]
Jan Høydahl commented on SOLR-16197:
------------------------------------
Looks like you have generated the user pw hash in security.json in the wrong
way. Did you find that command documented somewhere? Try to use Solr's own
tooling to generate your security.json, and compare:
{code:java}
bin/solr start -c
bin/solr auth enable -credentials
solr:aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22 -blockUnknown true
bin/solr zk cp zk:/security.json /tmp/sec.json -z localhost:9983
cat sec.json
...
"credentials":{"solr":"OwTr+3zsvV78Euqzqzw8CN/OqQ26ae5PGmR/z2qCEiM=
LVk0JRjQaLB9MAujWRIRUyMdyYrGpWScWKpVfdJt1Ww="}
...{code}
I'll close this ticket as invalid, as it is not a bug. Please seek help in the
[us...@solr.apache.org|mailto:us...@solr.apache.org] mailing list if you have
further questions regaring this functionality.
> solr 8x -> 9.0.0 upgrade; BasicAuth security FAILs @ "o.a.s.s.BasicAuthPlugin
> Bad auth credentials supplied in Authorization header"
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-16197
> URL: https://issues.apache.org/jira/browse/SOLR-16197
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Affects Versions: 9.0
> Reporter: pgnd
> Priority: Major
> Labels: BasicAuth, authentication, upgrade
>
> on
> {{ lsb_release -rd}}
> {{ Description: Fedora release 36 (Thirty Six)}}
> {{ Release: 36}}{{ java -version}}
> {{ Picked up JAVA_TOOL_OPTIONS: -Xmx512M}}
> {{ openjdk version "18.0.1" 2022-04-19}}
> {{ OpenJDK Runtime Environment 22.3 (build 18.0.1+10)}}
> {{ OpenJDK 64-Bit Server VM 22.3 (build 18.0.1+10, mixed mode,
> sharing)}}
>
> {{i've clean-installed solr 9.0.0}}
> {{ sudo -u solr /srv/webapps/solr/solr/bin/solr version}}
> {{ 9.0.0}}
> it's up/running
> {{ systemctl status solr}}
> {{ ● solr.service - LSB: Controls Apache Solr as a Service}}
> {{ Loaded: loaded (/etc/rc.d/init.d/solr; generated)}}
> {{ Active: active (exited) since Fri 2022-05-13 06:22:40 EDT; 2min
> 54s ago}}
> {{ Docs: man:systemd-sysv-generator(8)}}
> {{ Process: 56877 ExecStart=/etc/rc.d/init.d/solr start (code=exited,
> status=0/SUCCESS)}}
> {{ CPU: 43ms}}
> with no user/auth security,
> ls -al /data/solr/data/security.json
> ls: cannot access '/data/solr/data/security.json': No such file or
> directory
> nav to & admin @,
> [https:///solr.example.com:8983/solr|https://solr.example.com:8983/solr]
> works as expected.
> deploying user BasicAuth security
>
> [https://solr.apache.org/guide/solr/latest/deployment-guide/basic-authentication-plugin.html]
> with
> {{ MY_USER_PASS="aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"}}
> {{ MY_USER_HASH=$( echo -n $MY_USER_PASS | shasum -a 256 | awk '\{print
> $1}' | tr -d ' ')}}
> {{ echo $MY_USER_HASH}}
> {{ 79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832}}
> {{and}}
> {{ egrep "Dbasicauth|SOLR_LOG_LEVEL" /etc/default/solr.in.sh}}
> {{ SOLR_LOG_LEVEL=DEBUG}}
> {{
> SOLR_AUTHENTICATION_OPTS="-Dbasicauth=testuser:aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22"}}
> and
> {{ cat /data/solr/data/security.json}}
> {{ {}}
> {{{} "authentication":{}}}{\{{}{ "blockUnknown": true,
> "class":"solr.BasicAuthPlugin", "credentials":
> {"testuser":"79a054509e27e20b16fb85caf221ac8d488168afa6715f2543d761269a72d832"}
> {}}}{{{},{}}}
> {{ "realm":"MyRealm Solr",}}
> {{ "forwardCredentials": false}}
> {{ },}}
> {{ "authorization":{}}
> {{ "class":"solr.RuleBasedAuthorizationPlugin",}}
> {{{} "permissions":[{}}}{\{{}
> {"name":"security-edit", "role":"admin"}
> {}}}{{{}],{}}}
> {{{} "user-role":{"solr":"admin"{}}}}
> {\{ }}}}
> nav to:
> [https:///solr.example.com:8983/solr|https://solr.example.com:8983/solr]
> returns the expected
> {{ Basic Authentication}}
> form.
> entering credentials
> {{ username: testuser}}
> {{ password: aaaaaaaaaaaaaa_bbbbbbbbbbbb_111111111+ccccccc_22}}
> fails with
> {{ Basic Authentication}}
> {{ Unauthorized}}{{ Solr requires authentication for resource
> Dashboard.}}
> {{ Please log in with your username and password for realm MyRealm Solr.}}
> and DEBUG logs,
> --> [https://pastebin.com/raw/aHVCgGKF]
> there, this looks possibly suspect,
> {{ ...}}
> {{ 2022-05-13 06:33:00.651 DEBUG (qtp1777443462-23) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@3acaf4f, domain: 10.1.1.27, port:
> 8983}}
> {{ 2022-05-13 06:33:00.656 DEBUG (qtp1777443462-22) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@540dbd19, domain: 10.1.1.27, port:
> 8983}}
> {{ 2022-05-13 06:33:00.660 DEBUG (qtp1777443462-23) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization
> header}}
> {{ 2022-05-13 06:33:00.650 DEBUG (qtp1777443462-20) []
> o.a.s.s.SolrDispatchFilter Request to authenticate:
> org.apache.solr.servlet.ServletUtils$1@7e6b57df, domain: 10.1.1.27, port:
> 8983}}
> {{ 2022-05-13 06:33:00.661 DEBUG (qtp1777443462-20) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization
> header}}
> {{ 2022-05-13 06:33:00.662 DEBUG (qtp1777443462-20) []
> o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
> 'x' to prevent browser basic auth popup}}
> {{?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
> o.a.s.s.BasicAuthPlugin Bad auth credentials supplied in Authorization
> header}}
> {{?? 2022-05-13 06:33:00.663 DEBUG (qtp1777443462-22) []
> o.a.s.s.BasicAuthPlugin Prefixing WWW-Authenticate header for Basic Auth with
> 'x' to prevent browser basic auth popup}}
> {{{} 2022-05-13 06:33:00.667 DEBUG (qtp1777443462-22) []
> o.e.j.s.HttpChannelState sendError HttpChannelState@191ce1ad{s=HANDLING
> rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0{}}}}
> {{ ...}}
> dropping back to solr 8x, i've no issues with basicauth.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
