[GitHub] [solr] janhoy commented on pull request #296: SOLR-15626: Fix `config-read` permission.

GitBox Mon, 04 Oct 2021 11:52:02 -0700


janhoy commented on pull request #296:
URL: https://github.com/apache/solr/pull/296#issuecomment-933760301



   @epugh  I managed to reproduce the issue both on main and 8.10, and to 
verify the fix on this branch. The security.json I used was this
   ```json
   {
     "authentication": {
       "blockUnknown": true,
       "class": "solr.BasicAuthPlugin",
       "credentials": {
         "solr": "66HnQCUN0FcnpeoLFQYg91wc4S1RqwmsLmM5LOEoInM= 
1qNFcGO1IWaEg5mcvvQCl36GYBjj/paXGXc7B6pyvr4=",
         "root": "66HnQCUN0FcnpeoLFQYg91wc4S1RqwmsLmM5LOEoInM= 
1qNFcGO1IWaEg5mcvvQCl36GYBjj/paXGXc7B6pyvr4="
       }
     },
     "authorization": {
       "class": "solr.RuleBasedAuthorizationPlugin",
       "permissions": [
         {
           "name": "config-read",
           "role": ["solr"]
         },
         {
           "name": "all",
           "role": "admin"
         }
       ],
       "user-role": {
         "admin": "admin",
         "solr": "solr"
       }
     }
   }
   ```
   
   Then I hit http://localhost:8983/solr/admin/configs?action=LIST in Firefox 
and enter either 'solr/solr' or 'root/solr' as user/pass. The 'solr' user does 
not gain access without this patch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[GitHub] [solr] janhoy commented on pull request #296: SOLR-15626: Fix `config-read` permission.

Reply via email to