janhoy commented on a change in pull request #630: SOLR-13344: Admin UI inaccessible with RuleBasedAuthorizationPlugin URL: https://github.com/apache/lucene-solr/pull/630#discussion_r271177896
########## File path: solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java ########## @@ -550,6 +550,7 @@ public Action call() throws IOException { private boolean shouldAuthorize() { if(PublicKeyHandler.PATH.equals(path)) return false; //admin/info/key is the path where public key is exposed . it is always unsecured + if ("/".equals(path)) return false; // Static Admin UI files must always be served Review comment: Yea. The LoadAdminUIServlet maps to "/" but then there is a rewriteRule to /solr/. But when I tested this patch locally, /solr/ worked as well, that's why I kept it so. But the check should probably be consistent between auth and autz. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org