You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2019/04/04 14:49:00 UTC

[jira] [Resolved] (SOLR-13344) Admin UI inaccessible with RuleBasedAuthorizationPlugin

     [ https://issues.apache.org/jira/browse/SOLR-13344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl resolved SOLR-13344.
--------------------------------
    Resolution: Fixed

> Admin UI inaccessible with RuleBasedAuthorizationPlugin
> -------------------------------------------------------
>
>                 Key: SOLR-13344
>                 URL: https://issues.apache.org/jira/browse/SOLR-13344
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI, Authentication
>    Affects Versions: 7.7, 8.0
>            Reporter: Märt
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 7.7.2, 8.1
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> SOLR-7896 made some changes to the admin ui login. After the changes I can no longer log in at all.
> I'm running standalone solr 7.7 (same with 8.0) with the following security.json:
> {code}
> {
>   "authentication": {
>     "class": "solr.BasicAuthPlugin",
>     "blockUnknown": true,
>     "credentials": {
>       "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
>     },
>   },
>   "authorization": {
>     "class": "solr.RuleBasedAuthorizationPlugin",
>     "permissions": [
>       {
>         "name": "all",
>         "role": "admin"
>       }
>     ],
>     "user-role": {
>       "solr": "admin"
>     }
>   }
> }
> {code}
> Opening the UI at http://localhost:8080/solr/ shows an error page with 401. The login page is not displayed because of the "all" permission being required. The browser's basic auth popup is not shown because the WWW-Authenticate header is not present. Changing the RuleBasedAuthorizationPlugin required permission from "all" to "security-edit" makes the login page appear.
> The bug can be reproduced as follows:
> # unpack solr-8.0.0.zip
> # copy the security.json example from https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html into server/solr/ and replace "name":"security-edit" with "name":"all"
> # start with bin/solr -f -p 8080
> # open http://localhost:8080/
> The bug was discussed on solr-user list http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org