You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/03/31 09:43:00 UTC

[jira] [Commented] (SOLR-12042) Authorization rules do not work as expected.

    [ https://issues.apache.org/jira/browse/SOLR-12042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421258#comment-16421258 ] 

Jan Høydahl commented on SOLR-12042:
------------------------------------

Hi,

How do you upload security.json?
If you upload directly to zk I believe that you need to remove the empty keys before uploading, e.g:

{code:json}
"":{"v":56}}, 
{code}

> Authorization rules do not work as expected.
> --------------------------------------------
>
>                 Key: SOLR-12042
>                 URL: https://issues.apache.org/jira/browse/SOLR-12042
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 6.6.2
>         Environment: SolrCloud, Linux.
>            Reporter: Nikolay Martynov
>            Priority: Major
>
> Authentication rules do not work as expected: more permissions are given than desired.
> This is an example of security.json:
> {noformat}
> {
>  "authentication":{
>    "blockUnknown":false,
>    "class":"solr.BasicAuthPlugin",
>    "credentials":{"admin":"XvyR9ddaDk/kVNBrhJHkeWhqTFQ2uAsv8tDOmkSDwkg= 3EiRiSQVKYnGDgOwBoY6NJNlOcoRuYZOoUMYB9hgpGw="},
>    "":{"v":56}},
>  "authorization":{
>    "class":"solr.RuleBasedAuthorizationPlugin",
>    "user-role":{"admin":["admin"]},
>    "":{"v":66},
>    "permissions":[
>      {
>        "name":"read",
>        "role":null,
>        "index":1},
>      {
>        "path":"/admin/info/system",
>        "collection":null,
>        "role":null,
>        "index":2},
>      {
>        "name":"all",
>        "role":"admin",
>        "index":3}]}}
> {noformat}
> With this not authentication is required to create or delete collection.
> If one removes second rule (one with path) then authentication is required to create or destroy collection.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org