[
https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17404432#comment-17404432
]
Jan Høydahl commented on SOLR-15296:
------------------------------------
This also ties in with {{blockUnknown}} flag, I believe if blockUnknown=false
then it is possible to defer to RBAC whether to allow a path or not. But many
users want to run with blockUnknown=true, so it has to work there as well.
Please change the title of this Jira to be generic, and not only about JWT.
> Provide allowlisting mechanism in the JWT auth plugin to ignore paths like
> login
> --------------------------------------------------------------------------------
>
> Key: SOLR-15296
> URL: https://issues.apache.org/jira/browse/SOLR-15296
> Project: Solr
> Issue Type: Wish
> Components: Authorization, Plugin system
> Reporter: Zhenxu Ke
> Assignee: David Eric Pugh
> Priority: Major
>
> I'm recently working (with [~epugh] ) on YASA to make it work under the auth
> plugins.
>
> I saw in the codes that the authenticator allowlists the Admin login path
> `{{/solr/` explicitly}}, while for YASA, its path must start with `{{/v2`}} ,
> not matching the whitelisted paths and will be intercepted, hence the login
> page won't be reached and redirected, I also didn't find a allowlisting
> mechanism in the JWT auth plugin, and
> [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html]
> doesn't seem to fit this case either. So I'm wondering if it's possible to
> provide allowlisting mechanism in the JWT auth plugin, so that users can
> configure the login paths for plugins like YASA to work?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
