[ https://issues.apache.org/jira/browse/SOLR-8408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056024#comment-15056024 ]
Kristine Jetzke commented on SOLR-8408:
---------------------------------------

Here is the output of all commands

{code}
$ curl http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{
> set-user : {scott : abc1234}}'
{
  "responseHeader":{
    "status":0,
    "QTime":12}}
$ curl http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> set-user-role : {scott : admin},
> set-user-role: {solr: dev}}'
{
  "responseHeader":{
    "status":0,
    "QTime":7}}
$ curl http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> set-permission : {name : security-edit , role: admin}}'
{
  "responseHeader":{
    "status":0,
    "QTime":6}}
$ curl http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> set-permission : {name : collection-admin-edit, role : admin}}'
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 401 Unauthorized request, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /solr/admin/authorization. Reason:
<pre> Unauthorized request, Response code: 401</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>
$ curl --user scott:abc1234 http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> set-permission : {name : collection-admin-edit, role : admin}}'
{
  "responseHeader":{
    "status":0,
    "QTime":6}}
$ curl http://localhost:8983/solr/gettingstarted/select?q=*:*
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">67</int><lst name="params"><str name="q">*:*</str></lst></lst><result name="response" numFound="0" start="0" maxScore="0.0"></result>
</response>
$ curl --user scott:abc1234 http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> set-permission : {name : read, role : dev}}'
{
  "responseHeader":{
    "status":0,
    "QTime":5}}
$ curl http://localhost:8983/solr/gettingstarted/select?q=*:*
<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">10</int><lst name="params"><str name="q">*:*</str></lst></lst><result name="response" numFound="0" start="0" maxScore="0.0"></result>
</response>
{code}

> Basic Auth Plugin doesn't require any credentials, doesn't enforce authentication
> ---------------------------------------------------------------------------------
>
>                 Key: SOLR-8408
>                 URL: https://issues.apache.org/jira/browse/SOLR-8408
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Hoss Man
>            Assignee: Noble Paul
>         Attachments: SOLR-8408.patch
>
>
> as noted on solr-user by Kristine Jetzke, and trivially to reproduce...
> {noformat}
> # interactively launch solr cloud
> $ bin/solr -e cloud
> # ... for simplicity of test, pick a single node, 1 shard, 1 replica
> # now upload security.json from wiki page...
> # https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin
> $ server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:9983 -cmd put /security.json '{
>   "authentication":{
>     "class":"solr.BasicAuthPlugin",
>     "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
>   },
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "permissions":[{"name":"security-edit",
>       "role":"admin"}],
>     "user-role":{"solr":"admin"}
>   }}'
> # now stop & restart the single node we are using...
> $ bin/solr stop -all
> $ bin/solr restart -c -p 8983 -s example/cloud/node1/solr
> # valid credentials are accepted...
> $ curl -u 'solr:SolrRocks' 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
> {
>   "responseHeader":{
>     "status":0,
>     "QTime":0,
>     "params":{
>       "q":"*:*",
>       "indent":"true",
>       "wt":"json"}},
>   "response":{"numFound":0,"start":0,"docs":[]
>   }}
> # invalid credentials are denied...
> $ curl -u 'solr:SolrBogus' 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
> <title>Error 401 Bad credentials</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/gettingstarted/select. Reason:
> <pre> Bad credentials</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
> </body>
> </html>
> # requests w/o credentials are accepted even though they should be denied...
> $ curl 'http://localhost:8983/solr/gettingstarted/select?q=*%3A*&wt=json&indent=true'
> {
>   "responseHeader":{
>     "status":0,
>     "QTime":0,
>     "params":{
>       "q":"*:*",
>       "indent":"true",
>       "wt":"json"}},
>   "response":{"numFound":0,"start":0,"docs":[]
>   }}
> {noformat}
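
The three probes from the reproduction above (no credentials, wrong password, valid password) can be turned into a repeatable check. This is an added example, not part of the original message or of Solr; the function names are hypothetical, and the URL and credentials in the usage comment are the ones shown in the report.

```shell
#!/bin/sh
# Added example (not from the report): probe one Solr URL without credentials,
# with a wrong password and with the real one, then decide whether
# authentication is enforced. Function names are hypothetical.
# Usage: sh authcheck.sh 'http://localhost:8983/solr/gettingstarted/select?q=*:*' solr SolrRocks

# Print only the HTTP status code for URL; extra arguments go to curl.
http_status() {
    url=$1; shift
    curl -s -o /dev/null -w '%{http_code}' "$@" "$url"
}

# 401 and 403 both count as a denial.
is_denied() {
    case "$1" in 401|403) return 0 ;; *) return 1 ;; esac
}

# classify ANON BAD GOOD: print a one-word verdict for the three status codes.
classify() {
    case "$3" in
        2??) ;;                            # the valid login must succeed,
        *) echo inconclusive; return 0 ;;  # otherwise the probe proves nothing
    esac
    if ! is_denied "$2"; then echo bad-credentials-allowed; return 0; fi
    if ! is_denied "$1"; then echo anonymous-allowed; return 0; fi
    echo enforced
}

main() {
    url=$1 user=$2 pass=$3
    anon=$(http_status "$url")
    bad=$(http_status "$url" -u "$user:wrong-$pass")
    good=$(http_status "$url" -u "$user:$pass")
    verdict=$(classify "$anon" "$bad" "$good")
    echo "anon=$anon bad=$bad good=$good verdict=$verdict"
    [ "$verdict" = enforced ]   # non-zero exit when enforcement is missing
}

# Only touch the network when called with URL, user and password.
if [ "$#" -eq 3 ]; then main "$@"; fi
```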