[ https://issues.apache.org/jira/browse/SOLR-8439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15070123#comment-15070123 ]
Shawn Heisey commented on SOLR-8439: ------------------------------------ Made a typo. The comment edit option is missing, probably because the issue is closed. SOLR-8617 should have been SOLR-8167. > Solr Security - Permission read does not work as expected > --------------------------------------------------------- > > Key: SOLR-8439 > URL: https://issues.apache.org/jira/browse/SOLR-8439 > Project: Solr > Issue Type: Bug > Components: security > Affects Versions: 5.3.1 > Environment: Linux, Solr Cloud > Reporter: Gaurav Kumar > Priority: Critical > Original Estimate: 3h > Remaining Estimate: 3h > > I enabled security on my solr cloud and added basic authentication and > authorization to allow only specific users to read and update the records. > What I observed that update works fine but read does not stop from anonymous > access. > On digging deeper I saw that RuleBasedAuthorizationPlugin.java has > incorrectly defined the read permissions as follows: > read :{" + > " path:['/update/*', '/get']}," + > It should be /select/* rather than /update/* -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org