[ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15063918#comment-15063918 ]
Noble Paul commented on SOLR-8429: ---------------------------------- bq.have any clue that absolutely nothing will be protected – unless that was the default? A person configuring security will follow our documentation. Our documentation will have {{blockUnknown=true}} in the sample. So his setup is be protected automatically. bq.Related: Should we protect the user against locking herself out, Nice to have. Anyway he has the option of overwriting the {{security.json}} if he screws up badly > add a flag blockUnknown to BasicAutPlugin > ----------------------------------------- > > Key: SOLR-8429 > URL: https://issues.apache.org/jira/browse/SOLR-8429 > Project: Solr > Issue Type: Improvement > Reporter: Noble Paul > Assignee: Noble Paul > > If authentication is setup with BasicAuthPlugin, it let's all requests go > through if no credentials are passed. This was done to have minimal impact > for users who only wishes to protect a few end points (say , collection admin > and core admin only) > We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests > to go in > the users can create the first security.json with that flag > {code} > server/scripts/cloud-scripts/zkcli.sh -z localhost:9983 -cmd put > /security.json '{"authentication": {"class": "solr.BasicAuthPlugin", > "blockUnknown": true, > "credentials": {"solr": "orwp2Ghgj39lmnrZOTm7Qtre1VqHFDfwAEzr0ApbN3Y= > Ju5osoAqOX8iafhWpPP01E5P+sg8tK8tHON7rCYZRRw="}}}' > {code} > or add the flag later > using the command > {code} > curl http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{ > {set-property:{blockUnknown:true} > }' > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org