Adding authentication

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Adding authentication

Adam Blank
Hi,

I'm not sure if this would be more of a Zookeeper or Solr question, but I'm
hoping you can help me.  I'm trying to add user authentication to my
SolrCloud configuration (to secure my Solr admin consoles).  I have 3
Zookeeper servers and 2 Solr nodes running.  Zookeeper version 3.4.6 and
Solr version 5.5.0 on AIX.  I have uploaded a security.json file to
Zookeeper using Solr's zkcli.sh script, and now I am prompted for a
username/password when logging into the Solr admin console as expected.
However, I am receiving the following error in my Solr log after rebooting:

 2018-11-30 19:02:55.105 ERROR
(recoveryExecutor-3-thread-2-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard1_replica1 s:shard1 c:formdoc r:core_node1) [c:formdoc
s:shard1 r:core_node1 x:formdoc_shard1
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
core=formdoc_shard1_replica1:java.util.concurrent.ExecutionException:
org.apache.solr.common.SolrException: java.security.InvalidKeyExcep
tion: Invalid RSA key for encrypting; n (1024) < 2048
        at java.util.concurrent.FutureTask.report(FutureTask.java:133)
        at java.util.concurrent.FutureTask.get(FutureTask.java:203)
        at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
        at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
        at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
        at java.util.concurrent.FutureTask.run(FutureTask.java:277)
        at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.solr.common.SolrException:
java.security.InvalidKeyException: Invalid RSA key for encrypting; n (1024)
< 2048
        at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
        at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
        at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
        at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
        at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
        at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
        at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
        ... 5 more
Caused by: java.security.InvalidKeyException: Invalid RSA key for
encrypting; n (1024) < 2048
        at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
        at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
        at javax.crypto.Cipher.a(Unknown Source)
        at javax.crypto.Cipher.a(Unknown Source)
        at javax.crypto.Cipher.init(Unknown Source)
        at javax.crypto.Cipher.init(Unknown Source)
        at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:62)
        ... 17 more

I tried updating the Java class
org/apache/solr/util/CryptoKeys$RSAKeyPair.class
in ./server/solr-webapp/webapp/WEB-INF/lib/solr-core-5.5.0.jar to change
the hardcoded value of 1024 to 2048, however then I received the following
error:

 2018-11-30 19:11:17.387 ERROR
(recoveryExecutor-3-thread-1-processing-n:<Solr IP Address>:8983_solr
x:formdoc_shard2_replica1 s:shard2 c:formdoc r:core_node2) [c:formdoc
s:shard2 r:core_node2 x:formdoc_shard2
_replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
core=formdoc_shard2_replica1:java.util.concurrent.ExecutionException:
org.apache.solr.common.SolrException: javax.crypto.IllegalBlockSize
Exception: Invalid input.
        at java.util.concurrent.FutureTask.report(FutureTask.java:133)
        at java.util.concurrent.FutureTask.get(FutureTask.java:203)
        at
org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
        at
org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
        at
org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
        at java.util.concurrent.FutureTask.run(FutureTask.java:277)
        at
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.solr.common.SolrException:
javax.crypto.IllegalBlockSizeException: Invalid input.
        at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
        at
org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
        at
org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
        at
org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
        at
org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
        at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
        at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
        at
org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
        ... 5 more
Caused by: javax.crypto.IllegalBlockSizeException: Invalid input.
        at com.rsa.cryptoj.o.fy.engineDoFinal(Unknown Source)
        at javax.crypto.Cipher.doFinal(Unknown Source)
        at
org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:63)
        ... 17 more

I appreciate any suggestions you can offer.

Thanks,
Adam
Reply | Threaded
Open this post in threaded view
|

Re: Adding authentication

Noble Paul നോബിള്‍  नोब्ळ्
This is a Solr problem and not ZK problem.

This is something we have encountered before.
Which version of java are you using?



On Sat, Dec 8, 2018 at 1:42 AM Adam Blank <[hidden email]> wrote:

>
> Hi,
>
> I'm not sure if this would be more of a Zookeeper or Solr question, but I'm
> hoping you can help me.  I'm trying to add user authentication to my
> SolrCloud configuration (to secure my Solr admin consoles).  I have 3
> Zookeeper servers and 2 Solr nodes running.  Zookeeper version 3.4.6 and
> Solr version 5.5.0 on AIX.  I have uploaded a security.json file to
> Zookeeper using Solr's zkcli.sh script, and now I am prompted for a
> username/password when logging into the Solr admin console as expected.
> However, I am receiving the following error in my Solr log after rebooting:
>
>  2018-11-30 19:02:55.105 ERROR
> (recoveryExecutor-3-thread-2-processing-n:<Solr IP Address>:8983_solr
> x:formdoc_shard1_replica1 s:shard1 c:formdoc r:core_node1) [c:formdoc
> s:shard1 r:core_node1 x:formdoc_shard1
> _replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
> core=formdoc_shard1_replica1:java.util.concurrent.ExecutionException:
> org.apache.solr.common.SolrException: java.security.InvalidKeyExcep
> tion: Invalid RSA key for encrypting; n (1024) < 2048
>         at java.util.concurrent.FutureTask.report(FutureTask.java:133)
>         at java.util.concurrent.FutureTask.get(FutureTask.java:203)
>         at
> org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
>         at
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
>         at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:277)
>         at
> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>         at java.lang.Thread.run(Thread.java:785)
> Caused by: org.apache.solr.common.SolrException:
> java.security.InvalidKeyException: Invalid RSA key for encrypting; n (1024)
> < 2048
>         at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
>         at
> org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
>         at
> org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
>         at
> org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
>         at
> org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
>         at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
>         at
> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
>         ... 5 more
> Caused by: java.security.InvalidKeyException: Invalid RSA key for
> encrypting; n (1024) < 2048
>         at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
>         at com.rsa.cryptoj.o.fy.engineInit(Unknown Source)
>         at javax.crypto.Cipher.a(Unknown Source)
>         at javax.crypto.Cipher.a(Unknown Source)
>         at javax.crypto.Cipher.init(Unknown Source)
>         at javax.crypto.Cipher.init(Unknown Source)
>         at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:62)
>         ... 17 more
>
> I tried updating the Java class
> org/apache/solr/util/CryptoKeys$RSAKeyPair.class
> in ./server/solr-webapp/webapp/WEB-INF/lib/solr-core-5.5.0.jar to change
> the hardcoded value of 1024 to 2048, however then I received the following
> error:
>
>  2018-11-30 19:11:17.387 ERROR
> (recoveryExecutor-3-thread-1-processing-n:<Solr IP Address>:8983_solr
> x:formdoc_shard2_replica1 s:shard2 c:formdoc r:core_node2) [c:formdoc
> s:shard2 r:core_node2 x:formdoc_shard2
> _replica1] o.a.s.c.RecoveryStrategy Error while trying to recover.
> core=formdoc_shard2_replica1:java.util.concurrent.ExecutionException:
> org.apache.solr.common.SolrException: javax.crypto.IllegalBlockSize
> Exception: Invalid input.
>         at java.util.concurrent.FutureTask.report(FutureTask.java:133)
>         at java.util.concurrent.FutureTask.get(FutureTask.java:203)
>         at
> org.apache.solr.cloud.RecoveryStrategy.sendPrepRecoveryCmd(RecoveryStrategy.java:596)
>         at
> org.apache.solr.cloud.RecoveryStrategy.doRecovery(RecoveryStrategy.java:353)
>         at
> org.apache.solr.cloud.RecoveryStrategy.run(RecoveryStrategy.java:224)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:277)
>         at
> org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$1.run(ExecutorUtil.java:231)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>         at java.lang.Thread.run(Thread.java:785)
> Caused by: org.apache.solr.common.SolrException:
> javax.crypto.IllegalBlockSizeException: Invalid input.
>         at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:67)
>         at
> org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:287)
>         at
> org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientConfigurer.process(PKIAuthenticationPlugin.java:257)
>         at
> org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:132)
>         at
> org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:166)
>         at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:485)
>         at
> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>         at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:481)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:284)
>         at
> org.apache.solr.client.solrj.impl.HttpSolrClient$1.call(HttpSolrClient.java:280)
>         ... 5 more
> Caused by: javax.crypto.IllegalBlockSizeException: Invalid input.
>         at com.rsa.cryptoj.o.fy.engineDoFinal(Unknown Source)
>         at javax.crypto.Cipher.doFinal(Unknown Source)
>         at
> org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys$RSAKeyPair.java:63)
>         ... 17 more
>
> I appreciate any suggestions you can offer.
>
> Thanks,
> Adam



--
-----------------------------------------------------
Noble Paul