[ https://issues.apache.org/jira/browse/SOLR-8408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15055944#comment-15055944 ]
Kristine Jetzke commented on SOLR-8408:
---------------------------------------

I still observed the problem after protecting the read path as suggested here: http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201512.mbox/%3CCABVqxwD+1Ru2MXLvd6KEJ07vkMQ1mj9piOUE_mdSEyxm=zt...@mail.gmail.com%3E

{code:title=Response from curl http://localhost:8983/solr/admin/authorization}
{
  "responseHeader": {
    "status": 0,
    "QTime": 0
  },
  "authorization.enabled": true,
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "security-edit",
        "role": "admin"
      },
      {
        "name": "read",
        "role": "admin"
      }
    ],
    "user-role": {
      "solr": "admin"
    },
    "": {
      "v": 2
    }
  }
}
{code}

> Basic Auth Plugin doesn't require any credentials, doesn't enforce authentication
> ---------------------------------------------------------------------------------
>
>                 Key: SOLR-8408
>                 URL: https://issues.apache.org/jira/browse/SOLR-8408
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Hoss Man
>            Assignee: Noble Paul
>         Attachments: SOLR-8408.patch
>
>
> as noted on solr-user by Kristine Jetzke, and trivial to reproduce...
> {noformat}
> # interactively launch solr cloud
> $ bin/solr -e cloud
> # ... for simplicity of test, pick a single node, 1 shard, 1 replica
> # now upload security.json from wiki page...
> # https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin
> $ server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:9983 -cmd put /security.json '{
> "authentication":{
>    "class":"solr.BasicAuthPlugin",
>    "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
> },
> "authorization":{
>    "class":"solr.RuleBasedAuthorizationPlugin",
>    "permissions":[{"name":"security-edit",
>       "role":"admin"}],
>    "user-role":{"solr":"admin"}
> }}'
> # now stop & restart the single node we are using...
> $ bin/solr stop -all
> $ bin/solr restart -c -p 8983 -s example/cloud/node1/solr
> # valid credentials are accepted...
> $ curl -u 'solr:SolrRocks' 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
> {
>   "responseHeader":{
>     "status":0,
>     "QTime":0,
>     "params":{
>       "q":"*:*",
>       "indent":"true",
>       "wt":"json"}},
>   "response":{"numFound":0,"start":0,"docs":[]
>   }}
> # invalid credentials are denied...
> $ curl -u 'solr:SolrBogus' 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
> <title>Error 401 Bad credentials</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/gettingstarted/select. Reason:
> <pre>    Bad credentials</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
> </body>
> </html>
> # requests w/o credentials are accepted even though they should be denied...
> $ curl 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
> {
>   "responseHeader":{
>     "status":0,
>     "QTime":0,
>     "params":{
>       "q":"*:*",
>       "indent":"true",
>       "wt":"json"}},
>   "response":{"numFound":0,"start":0,"docs":[]
>   }}
> {noformat}
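The three curl requests from the reproduction above, turned into a repeatable enforcement check. This is an added example, not part of the original message or of Solr's code. The function names `probe` and `check_auth_enforcement` are hypothetical, and treating either 401 or 403 as a correct denial of the anonymous request is an assumption.

```python
import base64
import urllib.error
import urllib.request

# Ignore proxy environment variables: the check targets a local node.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(url, credentials=None, timeout=5):
    """GET url, optionally with HTTP Basic credentials; return the status."""
    req = urllib.request.Request(url)
    if credentials is not None:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib reports 401/403 as exceptions


def check_auth_enforcement(url, valid, bogus_password="SolrBogus"):
    """Repeat the report's three requests; return [(case, status)] failures."""
    user, _ = valid
    cases = [
        ("valid credentials", valid, {200}),
        ("invalid credentials", (user, bogus_password), {401}),
        # Assumption: a denial of the anonymous request may be 401 or 403.
        ("no credentials", None, {401, 403}),
    ]
    failures = []
    for label, creds, expected in cases:
        status = probe(url, creds)
        if status not in expected:
            failures.append((label, status))
    return failures


if __name__ == "__main__":
    # URL and credentials are the ones used in the report's reproduction.
    target = ("http://localhost:8983/solr/gettingstarted/select"
              "?q=*%3A*&wt=json&indent=true")
    for label, status in check_auth_enforcement(target, ("solr", "SolrRocks")):
        print(f"FAIL: {label} returned HTTP {status}")
```

An empty result means all three cases behaved as expected; against the node described in the report, the check returns the "no credentials" case with status 200.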