janhoy commented on a change in pull request #630: SOLR-13344: Admin UI
inaccessible with RuleBasedAuthorizationPlugin
URL: https://github.com/apache/lucene-solr/pull/630#discussion_r271177896
##########
File path: solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
##########
@@ -550,6 +550,7 @@ public Action call() throws IOException {
private boolean shouldAuthorize() {
if(PublicKeyHandler.PATH.equals(path)) return false;
//admin/info/key is the path where public key is exposed . it is always
unsecured
+ if ("/".equals(path)) return false; // Static Admin UI files must always
be served
Review comment:
Yea. The LoadAdminUIServlet maps to "/" but then there is a rewriteRule to
/solr/. But when I tested this patch locally, /solr/ worked as well, that's why
I kept it so. But the check should probably be consistent between auth and autz.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
