Märt created SOLR-13344:
---------------------------

             Summary: Admin UI inaccessible with RuleBasedAuthorizationPlugin
                 Key: SOLR-13344
                 URL: https://issues.apache.org/jira/browse/SOLR-13344
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Admin UI, Authentication
    Affects Versions: 8.0, 7.7
            Reporter: Märt


SOLR-7896 made some changes to the Admin UI login. After the changes I can no 
longer log in at all.

I'm running standalone Solr 7.7 (same with 8.0) with the following 
security.json:

{code}
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {
      "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "all",
        "role": "admin"
      }
    ],
    "user-role": {
      "solr": "admin"
    }
  }
}
{code}

Opening the UI at http://localhost:8080/solr/ shows an error page with 401. The 
login page is not displayed because of the "all" permission being required. The 
browser's basic auth popup is not shown because the WWW-Authenticate header is 
not present. Changing the RuleBasedAuthorizationPlugin required permission from 
"all" to "security-edit" makes the login page appear.

The bug can be reproduced as follows:
# unpack solr-8.0.0.zip
# copy the security.json example from 
https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html into 
server/solr/ and replace "name":"security-edit" with "name":"all"
# start with bin/solr -f -p 8080
# open http://localhost:8080/

The bug was discussed on the solr-user list: 
http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E



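A triage aid for the condition reported above, added here as an example (it is not part of the issue or of Solr's code): it flags a security.json shaped like the reporter's, and recognises the described symptom, a 401 with no WWW-Authenticate header. The function names and the sample data are assumptions made for illustration; the check mirrors the reported configuration and is not a statement of the exact trigger conditions.

```python
import json
import urllib.error
import urllib.request

# Constructed sample: the reporter's security.json, credentials replaced by a placeholder.
SAMPLE_SECURITY_JSON = """
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {"solr": "<hash> <salt>"}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [{"name": "all", "role": "admin"}],
    "user-role": {"solr": "admin"}
  }
}
"""

def find_login_blocking_rules(security_json_text):
    """Return permission entries matching the reported pattern: the "all"
    permission bound to a role while BasicAuthPlugin blocks unknown users."""
    cfg = json.loads(security_json_text)
    authn = cfg.get("authentication", {})
    authz = cfg.get("authorization", {})
    if authn.get("class") != "solr.BasicAuthPlugin" or not authn.get("blockUnknown"):
        return []
    if authz.get("class") != "solr.RuleBasedAuthorizationPlugin":
        return []
    return [p for p in authz.get("permissions", [])
            if p.get("name") == "all" and p.get("role") is not None]

def is_silent_401(status, headers):
    """True for the described symptom: 401 without a WWW-Authenticate header,
    so the browser never shows its Basic auth prompt."""
    names = {name.lower() for name in headers}
    return status == 401 and "www-authenticate" not in names

def probe(url):
    """Fetch url anonymously and report whether it answers with a silent 401."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return is_silent_401(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        return is_silent_401(err.code, dict(err.headers))

if __name__ == "__main__":
    print(find_login_blocking_rules(SAMPLE_SECURITY_JSON))
```

Against a running instance, `probe("http://localhost:8080/solr/")` applies the same header check to the URL from the report.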