Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2017/05/09 05:49:04 UTC

[jira] [Comment Edited] (SOLR-8440) Script support for enabling basic auth

    [ https://issues.apache.org/jira/browse/SOLR-8440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002079#comment-16002079 ] 

Ishan Chattopadhyaya edited comment on SOLR-8440 at 5/9/17 5:48 AM:
--------------------------------------------------------------------

bq. Ishan Chattopadhyaya, have you tested the patch with -blockUnknown true? If I'm not mistaken, it will cause Solr to be locked down and not even the admin user will be able to /query or /update

I have tested the blockUnknown functionality here. When used, this locks down Solr to everyone except the initial user (that was added to the admin role using the -enable). More users can be added using the REST API by using that user's credentials.

bq. Is there any way, using same security.json, to just flip blockUnknown and allow the admin user to do everything once authenticated?

blockUnknown is meant to block out access for those users that are not known to the system. The user that was already added (and given admin role) will continue to have access to do whatever he wants.


> Script support for enabling basic auth
> --------------------------------------
>
>                 Key: SOLR-8440
>                 URL: https://issues.apache.org/jira/browse/SOLR-8440
>             Project: Solr
>          Issue Type: New Feature
>          Components: scripts and tools
>            Reporter: Jan Høydahl
>            Assignee: Ishan Chattopadhyaya
>              Labels: authentication, security
>         Attachments: SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch
>
>
> Now that BasicAuthPlugin will be able to work without an AuthorizationPlugin (SOLR-8429), it would be sweet to provide a super simple way to "Password protect Solr"™ right from the command line:
> {noformat}
> bin/solr basicAuth -adduser -user solr -pass SolrRocks
> {noformat}
> It would take the mystery out of enabling one single password across the board. The command would do something like this
> # Check if HTTPS is enabled, and if not, print a friendly warning
> # Check if {{/security.json}} already exists
> ## NO => create one with only plugin class defined
> ## YES => Abort if exists but plugin is not {{BasicAuthPlugin}}
> # Using security REST API, add the new user
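
The steps listed in the issue description above, worked through as an added example; it is not part of the original message or of the SOLR-8440 patch. The function name plan_add_user and the layout of the returned dict are hypothetical; set-user and set-property are the BasicAuthPlugin edit commands of Solr's authentication API, and nothing here contacts a Solr node.

```python
import json

# Short and fully qualified names of the plugin class in security.json.
BASIC_AUTH = {"solr.BasicAuthPlugin", "org.apache.solr.security.BasicAuthPlugin"}
API_PATH = "/solr/admin/authentication"  # endpoint the planned commands are POSTed to


def plan_add_user(existing, https_enabled, user, password, block_unknown=False):
    """Plan the steps from the issue description without touching Solr.

    existing is the text of security.json, or None when the file is absent.
    Returns a dict with: action ("create", "reuse" or "abort"), warnings,
    upload (the security.json to create, or None) and post (JSON commands
    for API_PATH, in the order they must be sent).
    """
    plan = {"action": "abort", "warnings": [], "upload": None, "post": []}
    if not https_enabled:
        plan["warnings"].append("HTTPS is off: Basic auth sends the password in clear text")
    if existing is None:
        # No security.json yet: create one with only the plugin class defined.
        plan["action"] = "create"
        plan["upload"] = {"authentication": {"class": "solr.BasicAuthPlugin"}}
        currently_blocking = False
    else:
        try:
            doc = json.loads(existing)
        except ValueError:
            doc = None
        authn = doc.get("authentication") if isinstance(doc, dict) else None
        # Assumption: an unparsable file or one without an authentication
        # section also aborts, so an existing file is never overwritten.
        if not isinstance(authn, dict) or authn.get("class") not in BASIC_AUTH:
            plan["warnings"].append("security.json exists but its plugin is not BasicAuthPlugin")
            return plan
        plan["action"] = "reuse"
        currently_blocking = bool(authn.get("blockUnknown", False))
    # The user is added first and blockUnknown is changed afterwards, so the
    # lock-down never takes effect before a known credential exists.
    plan["post"].append({"set-user": {user: password}})
    if block_unknown != currently_blocking:
        plan["post"].append({"set-property": {"blockUnknown": block_unknown}})
    return plan
```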


