[ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul resolved SOLR-8429. ------------------------------ Resolution: Fixed Fix Version/s: Trunk 5.5 > add a flag blockUnknown to BasicAutPlugin > ----------------------------------------- > > Key: SOLR-8429 > URL: https://issues.apache.org/jira/browse/SOLR-8429 > Project: Solr > Issue Type: Improvement > Reporter: Noble Paul > Assignee: Noble Paul > Fix For: 5.5, Trunk > > > If authentication is setup with BasicAuthPlugin, it let's all requests go > through if no credentials are passed. This was done to have minimal impact > for users who only wishes to protect a few end points (say , collection admin > and core admin only) > We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests > to go in > the users can create the first security.json with that flag > {code} > server/scripts/cloud-scripts/zkcli.sh -z localhost:9983 -cmd put > /security.json '{"authentication": {"class": "solr.BasicAuthPlugin", > "blockUnknown": true, > "credentials": {"solr": "orwp2Ghgj39lmnrZOTm7Qtre1VqHFDfwAEzr0ApbN3Y= > Ju5osoAqOX8iafhWpPP01E5P+sg8tK8tHON7rCYZRRw="}}}' > {code} > or add the flag later > using the command > {code} > curl http://localhost:8983/solr/admin/authentication -H > 'Content-type:application/json' -d '{ > {set-property:{blockUnknown:true} > }' > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org