Märt created SOLR-13344:
---------------------------

             Summary: Admin UI inaccessible with RuleBasedAuthorizationPlugin
                 Key: SOLR-13344
                 URL: https://issues.apache.org/jira/browse/SOLR-13344
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Admin UI, Authentication
    Affects Versions: 8.0, 7.7
            Reporter: Märt

SOLR-7896 made some changes to the Admin UI login. After the changes I can no longer log in at all. I'm running standalone Solr 7.7 (same with 8.0) with the following security.json:

{code}
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "credentials": {
      "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "all",
        "role": "admin"
      }
    ],
    "user-role": {
      "solr": "admin"
    }
  }
}
{code}

Opening the UI at http://localhost:8080/solr/ shows an error page with 401. The login page is not displayed because of the "all" permission being required. The browser's basic auth popup is not shown because the WWW-Authenticate header is not present.

Changing the RuleBasedAuthorizationPlugin required permission from "all" to "security-edit" makes the login page appear.

The bug can be reproduced as follows:
# unpack solr-8.0.0.zip
# copy the security.json example from https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html into server/solr/ and replace "name":"security-edit" with "name":"all"
# start with bin/solr -f -p 8080
# open http://localhost:8080/

The bug was discussed on the solr-user list: http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E
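
The following check is an added example, not part of the original report or of Solr: it scans a parsed security.json for the pattern the report describes, a RuleBasedAuthorizationPlugin rule named "all" that requires a role. The function names are hypothetical, and the embedded config is the reporter's with the credentials omitted.

```python
import copy
import json

# Reporter's security.json from the issue, credentials omitted (not read here).
REPORTED = json.loads("""
{
  "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": true},
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [{"name": "all", "role": "admin"}],
    "user-role": {"solr": "admin"}
  }
}
""")


def roles_of(value):
    """Normalise a "role" value (null, string or list) to a set of names."""
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)


def check_admin_ui_lockout(cfg):
    """Return one finding per rule matching the SOLR-13344 pattern."""
    authz = cfg.get("authorization") or {}
    if not (authz.get("class") or "").endswith("RuleBasedAuthorizationPlugin"):
        return []
    findings = []
    for i, perm in enumerate(authz.get("permissions") or []):
        required = roles_of(perm.get("role"))
        # Assumption taken from the report: an "all" rule that needs a role
        # also covers the Admin UI, so the login page itself gets a 401.
        if perm.get("name") == "all" and required:
            findings.append(
                f"permissions[{i}]: 'all' requires {sorted(required)}; "
                "Admin UI login page returns 401 (SOLR-13344)"
            )
    return findings


def with_permission_renamed(cfg, old, new):
    """Copy of cfg with the permission named `old` renamed to `new`."""
    out = copy.deepcopy(cfg)
    for perm in out["authorization"]["permissions"]:
        if perm.get("name") == old:
            perm["name"] = new
    return out
```

`with_permission_renamed(REPORTED, "all", "security-edit")` reproduces the variant the report says makes the login page appear; that variant protects far fewer endpoints than "all" does.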