You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Jason Gerlowski (Jira)" <ji...@apache.org> on 2021/03/10 18:46:00 UTC
[jira] [Commented] (SOLR-15202) Rule-Based Authorization Plugin
parameter for core, not just collection, for non-cluster installations
[ https://issues.apache.org/jira/browse/SOLR-15202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299061#comment-17299061 ]
Jason Gerlowski commented on SOLR-15202:
----------------------------------------
I've made this ticket public since it's discussing an enhancement to RBAP, and not a specific vulnerability. (Along with Ken's agreement above of course.)
> Rule-Based Authorization Plugin parameter for core, not just collection, for non-cluster installations
> ------------------------------------------------------------------------------------------------------
>
> Key: SOLR-15202
> URL: https://issues.apache.org/jira/browse/SOLR-15202
> Project: Solr
> Issue Type: Wish
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authorization
> Affects Versions: 8.8.1
> Environment: Debian Buster, openjdk 11, Solr 8.8.1 stand-alone, installed as a service
> Reporter: Ken Liccardo
> Priority: Minor
>
> I was trying to limit access to specific CORES but as I was reading the RuleBasedAuthorizationPlugin documentation I conflated the terms "core" and "collection", and was wondering why configuring permissions by core name used in the collection parameter wasn't working. I've used Solr for years as stand-alone but somehow this distinction (core vs collection; I understand now that the latter is only used in solr clusters) escaped me while reading the Authorization documentation. Then I had an "aha" moment when I realized my confusion in terms. So, I don't know if it is difficult to add authorization by core for us stand-alone users. Or, perhaps allow the use of full paths, up to the endpoint, such as "solr/core1/select" instead of just "/select", for the "path" parameter.
>
> Thanks.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org