Posted to users@solr.apache.org by Mike Cochrane <Co...@landcareresearch.co.nz> on 2021/10/05 06:15:44 UTC
Is it possible to secure a core?
Hi
I have a basic instance of SOLR (8.10.0) running on Windows.
I'm using the RuleBasedAuthorizationPlugin for authorization and can't seem to figure out the configuration to allow me to secure a Core (as opposed to a Collection).
In the logs I see the following for a basic request (while authenticated as the nzor_user user)
http://dev-solr-02:8983/solr/config-test/select?indent=true&q.op=OR&q=*%3A*
2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [ x:config-test] o.a.s.s.RuleBasedAuthorizationPluginBase Attempting to authorize request to [/select] of type: [READ], associated with collections [[]]
2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [ x:config-test] o.a.s.s.RuleBasedAuthorizationPluginBase Authorizing collection-aware request, checking perms applicable to all (*) collections
2021-10-05 05:20:21.801 TRACE (qtp320304382-18) [ x:config-test] o.a.s.s.RuleBasedAuthorizationPluginBase Following perms are associated with collection
The request does not seem to be associated with a collection so it isn't resolving to the rule that I have set up for the config-test core.
"authorization":{
  "class":"solr.RuleBasedAuthorizationPlugin",
  "permissions":[
    {
      "name":"permission-biota-read",
      "role":["role-biota-read"],
      "collection":["config-test"],
      "path":["*"],
      "params":{},
      "index":1,
      "method":["GET"]},
    {
      "name":"security-edit",
      "role":"admin",
      "index":2},
    {
      "name":"all",
      "role":["admin"],
      "index":3}],
  "user-role":{
    "solr":"admin",
    "nzor_user":["role-biota-read"]}
}
I guess, after looking at the docs and a bit of Googling, everything talks about collections, so I'm wondering: on a single (non-cloud) instance, can I restrict access for users to only read a particular core?
Cheers
Mike
Mike Cochrane
IT SERVICES | INFORMATICS
Manaaki Whenua - Landcare Research
www.landcareresearch.co.nz
Re: Is it possible to secure a core?
Posted by Thomas Corthals <th...@klascement.net>.
Hello Mike,
Unfortunately rules can only have a collection scope in SolrCloud, not a
core scope in standalone Solr.
I asked about core specific rules recently:
http://mail-archives.apache.org/mod_mbox/solr-users/202105.mbox/%3cCABEwPvEzZMF5KKAEkoik7o-uVxiqZi43e-J7thSF0p213Gyg-Q@mail.gmail.com%3e
Thomas
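An added example, not part of either message and not Solr code: a small audit that pairs the debug line format shown in the question with the posted permissions and reports collection-scoped rules whose collection name is really a standalone core, which per the reply above are not applied to that core's requests. The function names and the `other-core` log entry are assumptions made for the illustration.

```python
import json
import re

# Permissions from the thread's security.json fragment, closed so that it parses.
SECURITY = json.loads("""{"authorization": {"permissions": [
  {"name": "permission-biota-read", "role": ["role-biota-read"],
   "collection": ["config-test"], "path": ["*"], "method": ["GET"]},
  {"name": "security-edit", "role": "admin"},
  {"name": "all", "role": ["admin"]}]}}""")

# Line format from the thread; the other-core entry is constructed for contrast.
FMT = ("2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [ x:{core}] "
       "o.a.s.s.RuleBasedAuthorizationPluginBase Attempting to authorize request to "
       "[/select] of type: [READ], associated with collections [[]]")
LOG_LINES = [FMT.format(core="config-test"), FMT.format(core="other-core")]

AUTHZ_LINE = re.compile(
    r"\[\s*x:(?P<core>[^\]\s]+)\].*?Attempting to authorize request to "
    r"\[(?P<path>[^\]]*)\] of type: \[(?P<type>[^\]]*)\], "
    r"associated with collections \[\[(?P<colls>.*)\]\]"
)

def collection_scoped(security):
    """Map each named collection scope to the permissions that rely on it."""
    scoped = {}
    for perm in security["authorization"]["permissions"]:
        names = perm.get("collection")
        if isinstance(names, str):  # scope given as a single string
            names = [names]
        for name in names or []:
            if name != "*":
                scoped.setdefault(name, []).append(perm["name"])
    return scoped

def unenforced_rules(security, lines):
    """Return (core, permission) pairs where a rule names the core as a
    collection but the request was authorized with no collection context."""
    scoped = collection_scoped(security)
    findings = set()
    for line in lines:
        m = AUTHZ_LINE.search(line)
        if m and not m.group("colls").strip():  # logged as collections [[]]
            for perm in scoped.get(m.group("core"), []):
                findings.add((m.group("core"), perm))
    return sorted(findings)

if __name__ == "__main__":
    for core, perm in unenforced_rules(SECURITY, LOG_LINES):
        print(f"core {core}: collection-scoped rule '{perm}' was not considered")
```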