[ https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17404432#comment-17404432 ]
Jan Høydahl commented on SOLR-15296: ------------------------------------ This also ties in with {{blockUnknown}} flag, I believe if blockUnknown=false then it is possible to defer to RBAC whether to allow a path or not. But many users want to run with blockUnknown=true, so it has to work there as well. Please change the title of this Jira to be generic, and not only about JWT. > Provide allowlisting mechanism in the JWT auth plugin to ignore paths like > login > -------------------------------------------------------------------------------- > > Key: SOLR-15296 > URL: https://issues.apache.org/jira/browse/SOLR-15296 > Project: Solr > Issue Type: Wish > Components: Authorization, Plugin system > Reporter: Zhenxu Ke > Assignee: David Eric Pugh > Priority: Major > > I'm recently working (with [~epugh] ) on YASA to make it work under the auth > plugins. > > I saw in the codes that the authenticator allowlists the Admin login path > `{{/solr/` explicitly}}, while for YASA, its path must start with `{{/v2`}} , > not matching the whitelisted paths and will be intercepted, hence the login > page won't be reached and redirected, I also didn't find a allowlisting > mechanism in the JWT auth plugin, and > [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html] > doesn't seem to fit this case either. So I'm wondering if it's possible to > provide allowlisting mechanism in the JWT auth plugin, so that users can > configure the login paths for plugins like YASA to work? > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org