You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2019/07/15 09:38:00 UTC
[jira] [Updated] (SOLR-13619) Kerberos: 403 when node doesn't host
collection
[ https://issues.apache.org/jira/browse/SOLR-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ishan Chattopadhyaya updated SOLR-13619:
----------------------------------------
Attachment: SOLR-13619.patch
Status: Open (was: Open)
Here's a patch based on discussion with Noble.
> Kerberos: 403 when node doesn't host collection
> -----------------------------------------------
>
> Key: SOLR-13619
> URL: https://issues.apache.org/jira/browse/SOLR-13619
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Major
> Attachments: SOLR-13619.patch
>
>
> This is a spin off from SOLR-13472, specifically to tackle the Kerberos case. Here's the security.json to reproduce the same problem as of SOLR-13472:
> {code}
> {
> "authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
> "authorization": {
> "class": "solr.RuleBasedAuthorizationPlugin",
> "permissions": [
> {
> "name": "read",
> "role": "*"
> },
> {
> "name": "update",
> "role": [
> "indexer",
> "admin"
> ]
> },
> {
> "name": "all",
> "role": "admin"
> }
> ],
> "user-role": {
> "HTTP/solr1@EXAMPLE.COM": "admin",
> "HTTP/solr2@EXAMPLE.COM": "admin",
> "client@EXAMPLE.COM": "indexer"
> }
> }
> }
> {code}
> Here, client@EXAMPLE.COM should be able to issue /update and /select requests to both solr1 and solr2, but it throws 403 for the node that doesn't host the collection.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org