[jira] [Created] (SOLR-13097) RuleBasedAuthorizationPlugin is not fully fonctionnal in Solr standalone mode

Tue, 01 Jan 2019 23:18:39 -0800 

Dominique Béjean created SOLR-13097:
---------------------------------------

             Summary: RuleBasedAuthorizationPlugin is not fully fonctionnal in 
Solr standalone mode
                 Key: SOLR-13097
                 URL: https://issues.apache.org/jira/browse/SOLR-13097
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication
    Affects Versions: 7.5, 6.6.5
            Reporter: Dominique Béjean


In Solr standalone mode, the collections element of the request context is not 
populated by the core name.

For instance, the following request:

{{http://user1:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json}}

reports this in log:

{{2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] 
o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : 
userPrincipal: [[principal: 2]] type: [READ], collections: [], Path: [/select] 
path : /select params :q=*:*&indent=on&wt=json}}

The consequence is that RuleBasedAuthorizationPlugin is not able to apply this 
kind of permission:

{{{"name":"read-biblio",}}
{{ "path":"/select",}}
{{ "role":["admin","read","r1"],}}
{{ "collection":"biblio",}}
{{ "index":2}}}

In Solrcloud mode in the init() method of HttpSolrCall.java, the collections 
element is populated with either the collection name matching the core name in 
the request or the collection names provided in the collection parameter.

{{if (cores.isZooKeeperAware()) {}}
{{    // init collectionList (usually one name but not when there are aliases)}}
{{    String def = core != null ? core.getCoreDescriptor().getCollectionName() 
: origCorename;}}
{{    collectionsList = 
resolveCollectionListOrAlias(queryParams.get(COLLECTION_PROP, def)); // 
&collection= takes precedence}}
{{    ...}}
{{ }}}

I expect init() method could be improved in order to populate collections 
element with the core name for Solr standalone mode.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to