Attachments are stripped from list, can you post a link to the screenshot of the UI when you first visit?
Jan > 12. des. 2019 kl. 17:27 skrev Oakley, Craig (NIH/NLM/NCBI) [C] > <craig.oak...@nih.gov.INVALID>: > > Below is the security.json (with password hashes redacted): in Solr7.4 it > prompts for a password and (if you get it right) lets you into the whole GUI; > But in Solr8.1.1 and in Solr 8.3, it does not prompt for a password before > letting you into a crippled version of the GUI (as depicted in the attachment) > > { > "authentication":{ > "class":"solr.BasicAuthPlugin", > "credentials":{ > "solradmin":"[redacted]", > "pysolrmon":"[redacted]", > "solrtrg":"[redacted]"}, > "":{"v":2}}, > "authorization":{ > "class":"solr.RuleBasedAuthorizationPlugin", > "user-role":{ > "solradmin":[ > "admin", > "allgen", > "trgadmin", > "genadmin"], > "solrtrg":[ > "trgadmin", > "allgen"], > "pysolrmon":["clustatus_role"]}, > "permissions":[ > { > "name":"gen_admin", > "collection":"NULL", > "path":"/admin/cores", > "params":{"action":[ > "REGEX:(?i)CREATE", > "REGEX:(?i)RENAME", > "REGEX:(?i)SWAP", > "REGEX:(?i)UNLOAD", > "REGEX:(?i)SPLIT"]}, > "role":"genadmin"}, > { > "name":"col_admin", > "collection":null, > "path":"/admin/collections", > "params":{"action":[ > "REGEX:(?i)CREATE", > "REGEX:(?i)MODIFYCOLLECTION", > "REGEX:(?i)SPLITSHARD", > "REGEX:(?i)CREATESHARD", > "REGEX:(?i)DELETESHARD", > "REGEX:(?i)CREATEALIAS", > "REGEX:(?i)DELETEALIAS", > "REGEX:(?i)DELETE", > "REGEX:(?i)DELETEREPLICA", > "REGEX:(?i)ADDREPLICA", > "REGEX:(?i)CLUSTERPROP", > "REGEX:(?i)MIGRATE", > "REGEX:(?i)ADDROLE", > "REGEX:(?i)REMOVEROLE", > "REGEX:(?i)ADDREPLICAPROP", > "REGEX:(?i)DELETEREPLICAPROP", > "REGEX:(?i)BALANCESHARDUNIQUE", > "REGEX:(?i)REBALANCELEADERS", > "REGEX:(?i)FORCELEADER", > "REGEX:(?i)MIGRATESTATEFORMAT"]}, > "role":"genadmin"}, > { > "name":"security-edit", > "role":"admin"}, > { > "name":"clustatus", > "path":"/admin/collections", > "params":{"action":["REGEX:(?i)CLUSTERSTATUS"]}, > "role":[ > "clustatus_role", > "allgen"], > "collection":null}, > { > "name":"corestatus", > "path":"/admin/cores", > "params":{"action":["REGEX:(?i)STATUS"]}, > "role":[ > "allgen", > "clustatus_role"], > "collection":null}, > { > "name":"trgadmin", > "collection":"trg_col", > "path":"/admin/*", > "role":"trgadmin"}, > { > "name":"open_select", > "path":"/select/*", > "role":null}, > { > "name":"open_search", > "path":"/search/*", > "role":null}, > { > "name":"catch-all-nocollection", > "collection":null, > "path":"/*", > "role":"allgen"}, > { > "name":"catch-all-collection", > "path":"/*", > "role":"allgen"}, > { > "name":"all-admincol", > "collection":null, > "path":"/admin/collections", > "role":"allgen"}, > { > "name":"all-admincores", > "collection":null, > "path":"/admin/cores", > "role":"allgen"}], > "":{"v":5}}} > > -----Original Message----- > From: Jan Høydahl <jan....@cominvent.com> > Sent: Wednesday, December 11, 2019 7:35 PM > To: solr-user@lucene.apache.org > Subject: Re: Solr8 changes how security.json restricts access to GUI > > Please show your complete Security.json so we know how auth is configured. > Which 8.x version are you trying? There should be a login screen shown in > admin UI now. > > Jan Høydahl > >> 11. des. 2019 kl. 22:40 skrev Oakley, Craig (NIH/NLM/NCBI) [C] >> <craig.oak...@nih.gov.invalid>: >> >> In Solr 7, we had clauses in our security.json saying >> >> { >> "name":"all-admin", >> "collection":null, >> "path":"/*", >> "role":"allgen", >> "index":15}, >> { >> "name":"all-core-handlers", >> "path":"/*", >> "role":"allgen", >> "index":16}, >> >> We granted the role allgen to all users; but this kept our security folk >> happy in that no one could even get to the top level of the Solr GUI without >> a password. >> >> Now under Solr 8, the GUI does not prompt for a password. It just brings you >> into the GUI (albeit a stripped down version, saying such things as "No >> cores available"). By what means can we require a password to get this far? >> And by what means can we prompt for a password in order to get further?