Copilot commented on code in PR #4374: URL: https://github.com/apache/solr/pull/4374#discussion_r3152756400
########## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ########## @@ -97,6 +97,13 @@ The project normally doesn't remove functionality in a minor release, but we mad +NOTE: The previous parse-context-based configuration (`parseContext.config`) is no longer supported. Tika parser-specific properties must now be configured directly on the Tika Server itself, rather than through Solr configuration. Please refer to the Tika Server documentation for details on how to set these properties. +=== JWT Authentication Plugin: `blockUnknown` documentation Corrected Review Comment: Section heading capitalization looks inconsistent with nearby headings (sentence case). Consider changing "documentation Corrected" to "documentation corrected" (or rephrasing to sentence case) for consistency. ########## solr/solr-ref-guide/modules/deployment-guide/pages/jwt-authentication-plugin.adoc: ########## 
@@ -42,17 +42,22 @@ The simplest possible `security.json` for registering the plugin without configu } ---- -The plugin will by default require a valid JWT token for all traffic. +[WARNING] +==== +Earlier versions of this documentation incorrectly stated that `blockUnknown` defaulted to `true`. The actual default is `false`, meaning requests without a JWT token are passed through unauthenticated. If you intend to require authentication for all requests, you must explicitly set `"blockUnknown": true` in your `security.json`. +==== + +By default, `blockUnknown` is `false`, so requests without a JWT token are passed through unauthenticated. -If the `blockUnknown` property is set to `false` as in the above example, it is possible to start configuring the plugin using unauthenticated REST API calls, which is further described in section <<Editing JWT Authentication Plugin Configuration>>. +With `blockUnknown` set to `false` (the default, as shown above), you can configure the plugin using unauthenticated REST API calls, which is further described in section <<Editing JWT Authentication Plugin Configuration>>. Review Comment: The sample `security.json` above uses `"blockUnknown":"false"` (a JSON string), while the surrounding text and later examples treat `blockUnknown` as a boolean. Even though the plugin code parses strings, this is confusing for readers; please update the example (and any references like "as shown above") to use a proper JSON boolean (`"blockUnknown": false`). ########## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ########## 
@@ -97,6 +97,13 @@ The project normally doesn't remove functionality in a minor release, but we mad +NOTE: The previous parse-context-based configuration (`parseContext.config`) is no longer supported. Tika parser-specific properties must now be configured directly on the Tika Server itself, rather than through Solr configuration. Please refer to the Tika Server documentation for details on how to set these properties. +=== JWT Authentication Plugin: `blockUnknown` documentation Corrected + +The `blockUnknown` configuration parameter of the xref:deployment-guide:jwt-authentication-plugin.adoc[JWT Authentication Plugin] defaults to `false`, meaning requests without a JWT token are passed through unauthenticated. +Previous versions of the reference guide incorrectly stated the default was `true`. + +* Users who relied on the (incorrectly documented) default of `true` should explicitly add `"blockUnknown": true` to their `authentication` block in `security.json` to preserve the intended behaviour. Review Comment: This note says JWTAuthPlugin `blockUnknown` defaults to `false`, but later in this same document (Solr 9.0 -> Security) there is an existing bullet stating `blockUnknown` in both BasicAuthPlugin and JWTAuthPlugin defaults to `true` instead of `false`. These statements conflict; please correct or remove the older bullet so the upgrade notes have a single, accurate default documented. ########## changelog/unreleased/SOLR-18216-jwt-blockUnknown-default-docs.yml: ########## 
@@ -0,0 +1,8 @@ +# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc +title: "JWT Authentication Plugin: correct documentation of `blockUnknown` default value (`false`, not `true`). See upgrade notes in the reference guide for more" Review Comment: Changelog `title` ends with "for more", which reads like an incomplete sentence. Consider rewording to finish the thought (e.g., "for more details") or drop that trailing fragment.
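Review bot: In jwt-authentication-plugin.adoc, the rewritten sentence "With `blockUnknown` set to `false` (the default, as shown above), you can configure the plugin using unauthenticated REST API calls" presents the pass-through only as a setup convenience and does not say that the same unauthenticated access is open to every client that can reach the node. Suggest following it with a sentence telling the reader to set `"blockUnknown": true` once the plugin is configured. The added line "By default, `blockUnknown` is `false`, so requests without a JWT token are passed through unauthenticated." also repeats the WARNING block directly above it almost word for word and could be dropped.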
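Review bot: In major-changes-in-solr-9.adoc, the bullet under the new `blockUnknown` section tells users what to add but not how to recognize that they are affected. Suggest stating outright that a `security.json` whose `authentication` block omits `blockUnknown` has been passing requests without a JWT token through unauthenticated, so operators know to check existing deployments. As a single-item list, the bullet would also read better as a plain paragraph.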
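Review bot: In the changelog entry, the `title` as shown describes this purely as a documentation correction, so an operator skimming the changelog will not see that action may be needed. Suggest naming the consequence in the title, for example that requests without a JWT token are passed through unless `blockUnknown` is explicitly set to `true`.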
