You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2015/12/17 01:25:46 UTC
[jira] [Commented] (SOLR-8429) add a flag blockUnauthenticated to
BasicAutPlugin
[ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061208#comment-15061208 ]
Jan Høydahl commented on SOLR-8429:
-----------------------------------
Let's make it default to true from 5.5, aligning with what people expect after enabling auth in any piece of software. We can fix back-compat using {{luceneMatchVersion}}, or I'm also OK with treating this as a Bug, documenting the change in CHANGES, since the refGuide does not even mention the current behavior.
Is it at all possible with 5.4 to make BasicAuth work without also specifying authorization?
> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
> Key: SOLR-8429
> URL: https://issues.apache.org/jira/browse/SOLR-8429
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> If authentication is setup with BasicAuthPlugin, it let's all requests go through if no credentials are passed. This was done to have minimal impact for users who only wishes to protect a few end points (say , collection admin and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests to go in
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org