You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2021/08/02 20:58:04 UTC

[GitHub] [solr] thelabdude opened a new pull request #245: SOLR-15573: bin/solr auth tool should provide role bindings for security-read and config-edit by default

thelabdude opened a new pull request #245:
URL: https://github.com/apache/solr/pull/245


   
   https://issues.apache.org/jira/browse/SOLR-15573
   
   # Description
   
   See JIRA for details
   
   # Solution
   
   Adding `security-read` and `config-edit` to initial `security.json` created by the SolrCLI `auth` tool so that when `blockUnknown=false` these endpoints are still protected (anonymous should be allowed to read security config).
   
   Now when a user comes to the Admin UI and has not logged in, when they view the Security screen, they will be re-directed to login first.
   
   The `config-edit` is for the Schema Designer UI. If a user does not have that permission, the Schema Designer link is hidden and the Schema Design screen is un-usable if they navigate to it directly.
   
   Fixed the arg parsing in bin/solr for auth so that `-blockUnknown false` works now.
   
   # Tests
   
   Manual tests in the browser. Start Solr in cloud mode, e.g.:
   ```
   bin/solr start -c -z localhost:2181 -f
   ```
   
   and then enable security with `blockUnknown=false` using:
   ```
   bin/solr auth enable -type basicAuth -prompt true -z localhost:2181 -blockUnknown false
   ```
   
   # Checklist
   
   Please review the following and check all that apply:
   
   - [ ] I have reviewed the guidelines for [How to Contribute](https://wiki.apache.org/solr/HowToContribute) and my code conforms to the standards described there to the best of my ability.
   - [ ] I have created a Jira issue and added the issue ID to my pull request title.
   - [ ] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended)
   - [ ] I have developed this patch against the `main` branch.
   - [ ] I have run `./gradlew check`.
   - [ ] I have added tests for my changes.
   - [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] thelabdude commented on a change in pull request #245: SOLR-15573: bin/solr auth tool should provide role bindings for security-read and config-edit by default

Posted by GitBox <gi...@apache.org>.
thelabdude commented on a change in pull request #245:
URL: https://github.com/apache/solr/pull/245#discussion_r681285311



##########
File path: solr/webapp/web/partials/security.html
##########
@@ -51,10 +51,10 @@ <h2><span>Security Settings</span></h2>
             <span ng-show="manageUsersEnabled" id="realm-field">
               <label for="realmName">Realm:&nbsp;</label><input disabled class="input-text" type="text" id="realmName" ng-model="realmName">
             </span>
-            <span id="block-field"><label for="block_unknown">Block anonymous requests?</label><input class="input-check" type="checkbox" id="block_unknown" ng-model="blockUnknown" ng-change="onBlockUnknownChange()" ng-true-value="'true'" ng-false-value="'false'"/><a ng-click="showHelp('blockUnknownHelp')"><img class="help-ico" src="img/ico/question-white.png"/></a>
+            <span id="block-field" ng-show="manageUsersEnabled"><label for="block_unknown">Block anonymous requests?</label><input class="input-check" type="checkbox" id="block_unknown" ng-model="blockUnknown" ng-change="onBlockUnknownChange()" ng-true-value="'true'" ng-false-value="'false'"/><a ng-click="showHelp('blockUnknownHelp')"><img class="help-ico" src="img/ico/question-white.png"/></a>

Review comment:
       `blockUnknown` is only valid for the basic auth plugin, so not showing it otherwise




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] thelabdude commented on pull request #245: SOLR-15573: bin/solr auth tool should provide role bindings for security-read and config-edit by default

Posted by GitBox <gi...@apache.org>.
thelabdude commented on pull request #245:
URL: https://github.com/apache/solr/pull/245#issuecomment-891347474


   @janhoy ~ I tagged you on this one b/c I know you have some familiarity with the `blockUnknown` param for the basic auth plugin. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] thelabdude merged pull request #245: SOLR-15573: bin/solr auth tool should provide role bindings for security-read and config-edit by default

Posted by GitBox <gi...@apache.org>.
thelabdude merged pull request #245:
URL: https://github.com/apache/solr/pull/245


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org