janhoy commented on pull request #355:
URL: https://github.com/apache/solr/pull/355#issuecomment-953053969
> Not sure why this is a concern? Locking down endpoints to a specific role
(or roles) is why we have the authorization framework. The introduction of the
`MultiAuthPlugin` really has
janhoy commented on pull request #355:
URL: https://github.com/apache/solr/pull/355#issuecomment-948521927
A concern with enabling BasicAuth is that it is less secure than OIDC which
has a expiry of tokens, while a password is long-lived. To mitigate this added
surface area, I wonder how e