Apache Solr Server Unavailable After Adding Security.json

Created on 7 May 2024, 8 months ago
Updated 16 May 2024, 7 months ago

Respect the submission guidelines above! Drupal.org issue forks cause additional work for the project maintainer!

Setup

  • Solr version: 9.5.0
  • Drupal Core version: 9.5.11
  • Search API version: 8.x-1.30
  • Search API Solr version: 4.3.1
  • Configured Solr Connector: Basic Auth

Issue

Everything worked fine until I added a security.json to the solr home directory.

I have started using about 2 weeks now. After reading enough documentation, I had everything set up and a server that was reachable.
I have installed the Apache Solr Server on my Centos server.

However, when I add the security.json the and do a restart. The Apache Solr Server I set up under Search API goes unavailable.
The authentication seems to work fine but I can't index or search any data from the site because the server becomes unavailable.

Errors Shown under logging in the Solr UI

SolrLogAuditLoggerPlugin
type="REJECTED" message="Rejected" method="GET" status="401" requestType="ADMIN" username="null" resource="/admin/info/system" queryString="wt=json&json.nl=flat" collections=null
SolrLogAuditLoggerPlugin
type="REJECTED" message="Rejected" method="GET" status="401" requestType="UNKNOWN" username="null" resource="/rcore/mlt" queryString="omitHeader=true&TZ=Europe%2FLondon&wt=json&json.nl=flat&q=id%3A%225e8bfv-solr_randr_classifieds_index-entity%3Anode%2F901%3Aen%22&start=0&rows=3&fl=ss_search_api_id%2Css_search_api_language%2Cscore%2Chash&fq=bs_status%3A%22true%22&fq=%2Bindex_id%3Asolr_randr_classifieds_index&fq=ss_search_api_language%3A%28%22en%22+%22und%22%29&mlt.fl=tm_X3b_en_body_1%2Ctm_X3b_und_body_1%2Ctm_X3b_en_title%2Ctm_X3b_und_title&mlt.mintf=1&mlt.mindf=1&mlt.maxqt=100&mlt.maxntp=2000&mlt.boost=false&mlt.match.include=false&mlt.match.offset=0&mlt.interestingTerms=none" collections=null
SolrLogAuditLoggerPlugin
type="REJECTED" message="Rejected" method="GET" status="401" requestType="ADMIN" username="null" resource="/admin/info/system" queryString="wt=json&json.nl=flat" collections=null

Errors shown in Drupal recent logs

Path: /admin/reports/dblog/event/3723. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'access site reports' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /var/www/vhosts/d.com/dcore/lib/Drupal/Core/Routing/AccessAwareRouter.php).

Path: /admin/config/search/search-api. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The 'administer search_api' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /var/www/vhosts/d.com/d.com/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

Drupal\search_api_solr\SearchApiSolrException: Solr endpoint http://localhost:8983/ access denied (code:

My Security.josn Setup

{
    "authentication": {
        "blockUnknown": false,
        "class": "solr.BasicAuthPlugin",
        "credentials": {
            "cnm_solr_admin": "<paswd>",
            "cnm_solr_dev": "<paswd>",
            "solr": "<paswd>" // SolrRocks
         },
        "realm": "CNM Solr Users",
        "fowardCredentials": false
    },
    "authorization": {
       "class": "solr.RuleBasedAuthorizationPlugin",
       "user-role": {
           "cnm_solr_admin": "admin",
           "cnm_solr_dev": "dev",
           "solr_end_users": ["users"]
        },
       "permissions": [
            {
                "name": "rcore",
                "collection": null,
                "path": ["/rcore/select", "/admin/cores"],
                "role": "*"
            }
            {
                "name":"read",
                "role": ["admin", "dev", "users"]
            },
            {
                "name":"update",
                "role": ["admin"]
            },
            {
                "name":"security-edit",
                "role": "admin"
            },
            {
                "name":"security-read",
                "role": ["admin", "dev"]
            },
            {
                "name":"all",
                "role": "admin"
            }

        ]
    },
    "auditlogging": {
      "class": "solr.SolrLogAuditLoggerPlugin",
      "async": true,
      "blockAsync": false,
      "numThreads": 2,
      "queueSize": 4096,
      "eventTypes": ["AUTHENTICATED", "REJECTED", "ANONYMOUS", "AUTHORIZED",  "ANONYMOUS_REJECTED", "UNAUTHORIZED", "COMPLETED", "ERROR"]
    }
}

My lack of knowledge concludes that I may have to use a specific user in my json file but I am not sure.

May you shed some light, please?
I think

💬 Support request
Status

Closed: works as designed

Version

4.3

Component

Solr Connectors

Created by

🇧🇧Barbados ShockWave08

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @ShockWave08
  • 🇩🇪Germany mkalkbrenner 🇩🇪

    Your security.json activates basic auth. So you need to configure the Basic Auth connector in Search API Solr, not the Standard connector.

  • Status changed to Fixed 7 months ago
  • Status changed to Needs review 7 months ago
  • 🇧🇧Barbados ShockWave08

    Thanks much for the response..
    I know it's difficult having to keep up with these isues.

    So I'm using Basic Auth now.
    Set the username and password to solr:SolrRocks..

    Same user/pass in the security.json.
    Using this tool to create encrypt the passwords.

    I am able to sign into the Solr Admin UI with the user/Pass So I know it works..

    I also went ahead and set these op:

    SOLR_AUTH_TYPE="basic"
    SOLR_AUTHENTICATION_OPTS="-Dbasicauth=solr:SolrRocks"

    Errors Shown under logging in the Solr UI

    The errors are basically the same but now they say

    Unauthorized

    for the same paths.

    So the Apache Solr Server I set up under Search API is still unavailable.

    Is there something I'm missing.

  • Status changed to Closed: works as designed 7 months ago
  • 🇩🇪Germany mkalkbrenner 🇩🇪

    I recommend that you read the solr docuementation.
    But because security.json has nothing to do with this module directly, I'll close the issue.

Production build 0.71.5 2024