Posted to solr-user@lucene.apache.org by Jesús Roca <xe...@gmail.com> on 2020/02/28 19:09:38 UTC

Limiting access to /admin path

 Hello,

I have a Solr 7.7.2 instance with basic authentication.

Does anyone know how to limit access to the /admin path to authenticated
users only?
For example, to:

https://localhost:8983/solr/admin/info/system

When I access that section, this is the log generated:

    2020-02-28 18:05:58.896 INFO  (qtp694316372-17) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system params={} status=0 QTime=36

I have added the following custom permission, but it doesn't block the
unauthenticated request to that section:

    "permissions":[
      {
        "name":"admin-info-system",
        "path":"/admin/info/system",
        "role":"*"}
    ],

If I create the following custom permissions with a different path:

    "permissions":[
      {
        "name":"admin-info-system1",
        "path":"/select/*",
        "role":"*"},
      {
        "name":"admin-info-system2",
        "path":"/admin/*",
        "role":"*"}
    ],

Then, I have to authenticate when I query a collection, but I can still
access /admin/info/system or /admin/collections?action=CLUSTERSTATUS

Definitely, I don't know how to block unauthenticated access to /admin path
without adding the blockUnknown=true attribute but, if I do that, all the
requests will have to be authenticated and I didn't.

Thanks in advance!

Re: Limiting access to /admin path

Posted by Jesús Roca <xe...@gmail.com>.
Yes, it works!

Thanks a lot!

On Fri, Feb 28, 2020 at 20:15, Oakley, Craig (NIH/NLM/NCBI) [C]
<cr...@nih.gov.invalid> wrote:

> I have found that for admin commands you may need to include
> "collection":null
>       {
>         "name":"admin-info-system2",
>         "path":"/admin/*",
>         "collection":null,
>         "role":"*"}

RE: Limiting access to /admin path

Posted by "Oakley, Craig (NIH/NLM/NCBI) [C]" <cr...@nih.gov.INVALID>.
I have found that for admin commands you may need to include "collection":null
    {
      "name":"admin-info-system2",
      "path":"/admin/*",
      "collection":null,
      "role":"*"}


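
Added example, not part of any message in this thread: a small lint for `security.json` that reports custom permissions on `/admin` paths that lack an explicit `"collection":null`, the fix reported above. The sample document is constructed from the permissions quoted in the thread; the function names and the `admin-fixed` entry are hypothetical.

```python
import json

# Constructed sample: the thread's permissions wrapped in a minimal
# "authorization" section, plus one entry ("admin-fixed") carrying the fix.
SAMPLE_SECURITY_JSON = """
{
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "admin-info-system1", "path": "/select/*", "role": "*"},
      {"name": "admin-info-system2", "path": "/admin/*", "role": "*"},
      {"name": "admin-fixed", "path": "/admin/*", "collection": null, "role": "*"}
    ]
  }
}
"""

def admin_paths(permission):
    """Return the permission's paths that start with /admin (string or list)."""
    paths = permission.get("path", [])
    if isinstance(paths, str):
        paths = [paths]
    return [p for p in paths if p.startswith("/admin")]

def find_unscoped_admin_permissions(security_json_text):
    """List (name, paths) for /admin permissions without "collection": null.

    A missing key and an explicit null mean different things here, so the
    check tests key presence instead of relying on dict.get().
    """
    config = json.loads(security_json_text)
    findings = []
    for perm in config.get("authorization", {}).get("permissions", []):
        paths = admin_paths(perm)
        if not paths:
            continue  # predefined or non-admin permission, nothing to check
        if "collection" not in perm or perm["collection"] is not None:
            findings.append((perm.get("name", "<unnamed>"), paths))
    return findings

if __name__ == "__main__":
    for name, paths in find_unscoped_admin_permissions(SAMPLE_SECURITY_JSON):
        print(f'{name}: {paths} has no "collection": null; '
              "node-level /admin requests may not be covered by this rule")
```

A finding means the rule should be re-tested with an unauthenticated request to a node-level path such as `/admin/info/system` after the change.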