You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2019/07/11 00:38:00 UTC
[jira] [Created] (SOLR-13619) Kerberos: 403 when node doesn't host
collection
Ishan Chattopadhyaya created SOLR-13619:
-------------------------------------------
Summary: Kerberos: 403 when node doesn't host collection
Key: SOLR-13619
URL: https://issues.apache.org/jira/browse/SOLR-13619
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Ishan Chattopadhyaya
Assignee: Ishan Chattopadhyaya
This is a spin off from SOLR-13472, specifically to tackle the Kerberos case. Here's the security.json to reproduce the same problem as of SOLR-13472:
{code}
{
"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "read",
"role": "*"
},
{
"name": "update",
"role": [
"indexer",
"admin"
]
},
{
"name": "all",
"role": "admin"
}
],
"user-role": {
"HTTP/solr1@EXAMPLE.COM": "admin",
"HTTP/solr2@EXAMPLE.COM": "admin",
"client@EXAMPLE.COM": "indexer"
}
}
}
{code}
Here, client@EXAMPLE.COM should be able to issue /update and /select requests to both solr1 and solr2, but it throws 403 for the node that doesn't host the collection.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org