janhoy commented on pull request #296: URL: https://github.com/apache/solr/pull/296#issuecomment-933760301
@epugh I managed to reproduce the issue both on main and 8.10, and to verify the fix on this branch. The security.json I used was this

```json
{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "solr": "66HnQCUN0FcnpeoLFQYg91wc4S1RqwmsLmM5LOEoInM= 1qNFcGO1IWaEg5mcvvQCl36GYBjj/paXGXc7B6pyvr4=",
      "root": "66HnQCUN0FcnpeoLFQYg91wc4S1RqwmsLmM5LOEoInM= 1qNFcGO1IWaEg5mcvvQCl36GYBjj/paXGXc7B6pyvr4="
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      { "name": "config-read", "role": ["solr"] },
      { "name": "all", "role": "admin" }
    ],
    "user-role": {
      "admin": "admin",
      "solr": "solr"
    }
  }
}
```

Then I hit http://localhost:8983/solr/admin/configs?action=LIST in Firefox and enter either 'solr/solr' or 'root/solr' as user/pass. The 'solr' user does not gain access without this patch.
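A static cross-check of the security.json above, as an added example that is not part of the original comment or of Solr's code: it resolves which permissions each credentialed user's roles match, accepting a role written as a string or as a list. The function names are hypothetical, the credential values are constructed placeholders, and Solr's rule evaluation order and wildcard roles are not modeled.

```python
import json

# Structure of the security.json from the comment; credential values are
# constructed placeholders because only the user names matter here.
SECURITY_JSON = """
{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {"solr": "<hash> <salt>", "root": "<hash> <salt>"}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "config-read", "role": ["solr"]},
      {"name": "all", "role": "admin"}
    ],
    "user-role": {"admin": "admin", "solr": "solr"}
  }
}
"""


def as_set(value):
    """Normalize a role entry that may be a string, a list, or missing."""
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)


def audit(text):
    """Hypothetical helper: static user -> permission cross-check."""
    security = json.loads(text)
    users = set(security["authentication"]["credentials"])
    authz = security["authorization"]
    user_roles = {u: as_set(r) for u, r in authz["user-role"].items()}
    grants = {}
    for user in sorted(users):
        roles = user_roles.get(user, set())
        grants[user] = [p["name"] for p in authz["permissions"]
                        if roles & as_set(p.get("role"))]
    return {
        "grants": grants,
        "users_without_role": sorted(u for u in users if not user_roles.get(u)),
        "role_mappings_without_credentials": sorted(set(user_roles) - users),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SECURITY_JSON), indent=2))
```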