[
https://issues.apache.org/jira/browse/SOLR-13649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16918294#comment-16918294
]
ASF subversion and git services commented on SOLR-13649:
--------------------------------------------------------
Commit b37d92bfee63a9ede2a754347cbe8627dedade33 in lucene-solr's branch
refs/heads/master from Marcus
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=b37d92b ]
SOLR-13649 change the default behavior of the basic authentication plugin.
(#805)
SOLR-13649: Property 'blockUnknown' of BasicAuthPlugin and JWTAuthPlugin now
defaults to 'true'. This change is backward incompatible. To achieve the
previous default behavior, explicitly set 'blockUnknown':'false' in
security.json
> BasicAuth's 'blockUnknown' param should default to true
> -------------------------------------------------------
>
> Key: SOLR-13649
> URL: https://issues.apache.org/jira/browse/SOLR-13649
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, Authentication, security
> Affects Versions: 7.7.2, 8.1.1
> Environment: All
> Reporter: Marcus Eagan
> Assignee: Shalin Shekhar Mangar
> Priority: Major
> Labels: Authentication
> Fix For: master (9.0)
>
> Time Spent: 9h 10m
> Remaining Estimate: 0h
>
> If someone seeks to enable basic authentication but they do not specify the
> {{blockUnknown}} parameter, the default value is {{false}}. That default
> behavior is a bit counterintuitive because if someone wishes to enable basic
> authentication, you would expect that they would want all unknown users to
> need to authenticate by default. I can imagine cases where you would not, but
> those cases would be less frequent.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
