[ https://issues.apache.org/jira/browse/SOLR-15573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Potter updated SOLR-15573:
----------------------------------
    Comment: was deleted

(was: Note: If I can't figure this out, I'll revert the new Security UI from 8x :()

> Basic auth must set blockUnknown=true for Admin UI to force login, with
> blockUnknown=false there's no way to login to the admin UI to do privileged
> actions
> ---------------------------------------------------------------------------
>
>                 Key: SOLR-15573
>                 URL: https://issues.apache.org/jira/browse/SOLR-15573
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public (Default Security Level. Issues are Public)
>            Reporter: Timothy Potter
>            Assignee: Timothy Potter
>            Priority: Major
>             Fix For: 8.10
>
>         Attachments: no-username-but-basic-auth-enabled.png
>
>
> These env vars get set in {{solr.in.sh}}
> {code}
> # The following lines added by ./solr for enabling BasicAuth
> SOLR_AUTH_TYPE="basic"
> SOLR_AUTHENTICATION_OPTS="-Dsolr.httpclient.config=/Users/tjp/dev/oss/lucene-solr-8x/solr/server/solr/basicAuth.conf"
> {code}
> When you visit the Admin UI, there's no login / logout (b/c the UI relies on
> seeing a 401 from the server when auth is enabled but since basicAuth.conf
> supplies the credentials, requests pass through?). This also confuses the new
> Security UI b/c it depends on having a username.
> The security section that comes back from {{admin/system/info}} doesn't have
> a username, which means the {{req.getUserPrincipal()}} is null?
> I didn't catch this initially when testing the new security UI against 8x as
> I supplied my own security.json with a different realm name.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
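Added example, not part of the original message or of Solr's code: a small check that flags a security.json in which basic auth is enabled but blockUnknown is not true, the condition named in the issue title. The function names and sample documents are constructed for illustration; treating a missing blockUnknown as false and accepting the string "true" are assumptions.

```python
import json

# Constructed sample security.json documents; credential values are placeholders.
SAMPLES = {
    "weak": '{"authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": false,'
            ' "credentials": {"example-user": "PLACEHOLDER_HASH PLACEHOLDER_SALT"}}}',
    "unset": '{"authentication": {"class": "solr.BasicAuthPlugin",'
             ' "credentials": {"example-user": "PLACEHOLDER_HASH PLACEHOLDER_SALT"}}}',
    "forced": '{"authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": "true",'
              ' "credentials": {"example-user": "PLACEHOLDER_HASH PLACEHOLDER_SALT"}}}',
    "none": '{"authorization": {"class": "solr.RuleBasedAuthorizationPlugin"}}',
}


def block_unknown_enabled(value):
    """Interpret the blockUnknown value: a boolean or the string 'true' (assumption)."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False  # missing or any other type is treated as not set (assumption)


def audit_security_json(text):
    """Return (status, message) describing whether the Admin UI would force a login."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return ("error", f"not valid JSON: {exc.msg}")
    auth = doc.get("authentication") if isinstance(doc, dict) else None
    if not isinstance(auth, dict):
        return ("no-auth", "no authentication section configured")
    plugin = str(auth.get("class", ""))
    if not plugin.endswith("BasicAuthPlugin"):
        return ("other-plugin", f"authentication class {plugin!r} is outside this check")
    if block_unknown_enabled(auth.get("blockUnknown")):
        return ("ok", "blockUnknown=true: anonymous requests are rejected, UI must log in")
    return ("no-forced-login",
            "basic auth enabled but blockUnknown is not true: Admin UI has no login prompt")


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, message = audit_security_json(text)
        print(f"{name:7} {status:16} {message}")
```
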