You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2021/03/15 08:11:00 UTC

[jira] [Commented] (SOLR-14216) Exclude HealthCheck from authentication

    [ https://issues.apache.org/jira/browse/SOLR-14216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17301475#comment-17301475 ] 

Jan Høydahl commented on SOLR-14216:
------------------------------------

Ok, so seems like there is some support for this idea. Feel free to re-open it Eric. 

But I think the PR is just a draft, better consider a cleaner approach like [my comment|#comment-17071277] from March 30th.

> Exclude HealthCheck from authentication
> ---------------------------------------
>
>                 Key: SOLR-14216
>                 URL: https://issues.apache.org/jira/browse/SOLR-14216
>             Project: Solr
>          Issue Type: Improvement
>          Components: Authentication
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The {{HealthCheckHandler}} on {{/api/node/health}} and {{/solr/admin/info/health}} should by default not be subject to authentication, but be open for all. This allows for load balancers and various monitoring to probe Solr's health without having to support the auth scheme in place. I can't see any reason we need auth on the health endpoint.
> It is possible to achieve the same by setting blockUnknown=false and configuring three RBAC permissions: One for v1 endpoint, one for v2 endpoint and one "all" catch all at the end of the chain. But this is cumbersome so better have this ootb.
> An alternative solution is to create a separate HttpServer for health check, listening on a different port, just like embedded ZK and JMX.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)