[ https://issues.apache.org/jira/browse/SOLR-12042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421258#comment-16421258 ]
Jan Høydahl commented on SOLR-12042:
------------------------------------

Hi,

How do you upload security.json? If you upload directly to zk I believe that you need to remove the empty keys before uploading, e.g.:

{code:json}
"":{"v":56}},
{code}

> Authorization rules do not work as expected.
> --------------------------------------------
>
>                 Key: SOLR-12042
>                 URL: https://issues.apache.org/jira/browse/SOLR-12042
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public (Default Security Level. Issues are Public)
>          Components: Authentication
>    Affects Versions: 6.6.2
>         Environment: SolrCloud, Linux.
>            Reporter: Nikolay Martynov
>            Priority: Major
>
> Authentication rules do not work as expected: more permissions are given than
> desired.
> This is an example of security.json:
> {noformat}
> {
>   "authentication":{
>     "blockUnknown":false,
>     "class":"solr.BasicAuthPlugin",
>     "credentials":{"admin":"XvyR9ddaDk/kVNBrhJHkeWhqTFQ2uAsv8tDOmkSDwkg= 3EiRiSQVKYnGDgOwBoY6NJNlOcoRuYZOoUMYB9hgpGw="},
>     "":{"v":56}},
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "user-role":{"admin":["admin"]},
>     "":{"v":66},
>     "permissions":[
>       {
>         "name":"read",
>         "role":null,
>         "index":1},
>       {
>         "path":"/admin/info/system",
>         "collection":null,
>         "role":null,
>         "index":2},
>       {
>         "name":"all",
>         "role":"admin",
>         "index":3}]}}
> {noformat}
> With this no authentication is required to create or delete collection.
> If one removes second rule (one with path) then authentication is required to
> create or destroy collection.
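Added example, not part of the original thread or of Solr's own code: one way to apply the suggestion in the comment, removing the empty `""` keys from a security.json before it is uploaded to ZooKeeper. It also lists the permissions whose role is null, the rules the report is about, so they can be reviewed by hand. The function names are hypothetical and the sample is the file from the issue with the credential replaced by a constructed placeholder.

```python
import json

# Constructed sample: the security.json from the issue description,
# with the credential value replaced by a placeholder.
SAMPLE = """
{"authentication":{
   "blockUnknown":false,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"admin":"<hash-placeholder> <salt-placeholder>"},
   "":{"v":56}},
 "authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "user-role":{"admin":["admin"]},
   "":{"v":66},
   "permissions":[
     {"name":"read","role":null,"index":1},
     {"path":"/admin/info/system","collection":null,"role":null,"index":2},
     {"name":"all","role":"admin","index":3}]}}
"""

def strip_empty_keys(node, path="$", removed=None):
    """Return (copy of node without "" keys, list of locations removed)."""
    removed = [] if removed is None else removed
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key == "":
                removed.append(f'{path}[""]')  # record where it was dropped
                continue
            out[key], _ = strip_empty_keys(value, f"{path}.{key}", removed)
        return out, removed
    if isinstance(node, list):
        items = [strip_empty_keys(v, f"{path}[{i}]", removed)[0]
                 for i, v in enumerate(node)]
        return items, removed
    return node, removed

def null_role_permissions(config):
    """Name or path of each permission with a null role, in index order."""
    perms = config.get("authorization", {}).get("permissions", [])
    ordered = sorted(perms, key=lambda p: p.get("index", 0))
    return [p.get("name") or p.get("path") for p in ordered
            if p.get("role") is None]

if __name__ == "__main__":
    cleaned, removed = strip_empty_keys(json.loads(SAMPLE))
    print("removed:", removed)
    print("null-role permissions:", null_role_permissions(cleaned))
    print(json.dumps(cleaned, indent=2))  # the document to upload
```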