You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by GitBox <gi...@apache.org> on 2019/04/02 08:09:06 UTC

[GitHub] [lucene-solr] janhoy commented on a change in pull request #630: SOLR-13344: Admin UI inaccessible with RuleBasedAuthorizationPlugin

janhoy commented on a change in pull request #630: SOLR-13344: Admin UI inaccessible with RuleBasedAuthorizationPlugin
URL: https://github.com/apache/lucene-solr/pull/630#discussion_r271177896
 
 

 ##########
 File path: solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
 ##########
 @@ -550,6 +550,7 @@ public Action call() throws IOException {
   private boolean shouldAuthorize() {
     if(PublicKeyHandler.PATH.equals(path)) return false;
     //admin/info/key is the path where public key is exposed . it is always unsecured
+    if ("/".equals(path)) return false; // Static Admin UI files must always be served 
 
 Review comment:
   Yea. The LoadAdminUIServlet maps to "/" but then there is a rewriteRule to /solr/. But when I tested this patch locally, /solr/ worked as well, that's why I kept it so. But the check should probably be consistent between auth and autz.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org