Hi,

When deploying a Solr 9.7 Cluster with three nodes and using the JWTAuth plugin 
for authentication and authorization, I ran into an issue when adding 
permissions on my collections.
It looks like the authorization details that are passed in the roles claim in
the JWT token are not passed to other nodes in the cluster when doing internode
requests, resulting in a 403 HTTP error code.

I was able to trace the problem to the sendRemoteQuery function in 
`solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java`.
This function creates an HttpClientContext but never adds the current user's
Security Principal like the executeMethod function does in
`solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpSolrClient.java`.

Can anyone confirm this bug?

Kind regards,

Timo Crabbé
DevOps engineer