Attachments are stripped from list, can you post a link to the screenshot of
the UI when you first visit?
Jan
> 12. des. 2019 kl. 17:27 skrev Oakley, Craig (NIH/NLM/NCBI) [C]
> <craig.oak...@nih.gov.INVALID>:
>
> Below is the security.json (with password hashes redacted): in Solr7.4 it
> prompts for a password and (if you get it right) lets you into the whole GUI;
> But in Solr8.1.1 and in Solr 8.3, it does not prompt for a password before
> letting you into a crippled version of the GUI (as depicted in the attachment)
>
> {
> "authentication":{
> "class":"solr.BasicAuthPlugin",
> "credentials":{
> "solradmin":"[redacted]",
> "pysolrmon":"[redacted]",
> "solrtrg":"[redacted]"},
> "":{"v":2}},
> "authorization":{
> "class":"solr.RuleBasedAuthorizationPlugin",
> "user-role":{
> "solradmin":[
> "admin",
> "allgen",
> "trgadmin",
> "genadmin"],
> "solrtrg":[
> "trgadmin",
> "allgen"],
> "pysolrmon":["clustatus_role"]},
> "permissions":[
> {
> "name":"gen_admin",
> "collection":"NULL",
> "path":"/admin/cores",
> "params":{"action":[
> "REGEX:(?i)CREATE",
> "REGEX:(?i)RENAME",
> "REGEX:(?i)SWAP",
> "REGEX:(?i)UNLOAD",
> "REGEX:(?i)SPLIT"]},
> "role":"genadmin"},
> {
> "name":"col_admin",
> "collection":null,
> "path":"/admin/collections",
> "params":{"action":[
> "REGEX:(?i)CREATE",
> "REGEX:(?i)MODIFYCOLLECTION",
> "REGEX:(?i)SPLITSHARD",
> "REGEX:(?i)CREATESHARD",
> "REGEX:(?i)DELETESHARD",
> "REGEX:(?i)CREATEALIAS",
> "REGEX:(?i)DELETEALIAS",
> "REGEX:(?i)DELETE",
> "REGEX:(?i)DELETEREPLICA",
> "REGEX:(?i)ADDREPLICA",
> "REGEX:(?i)CLUSTERPROP",
> "REGEX:(?i)MIGRATE",
> "REGEX:(?i)ADDROLE",
> "REGEX:(?i)REMOVEROLE",
> "REGEX:(?i)ADDREPLICAPROP",
> "REGEX:(?i)DELETEREPLICAPROP",
> "REGEX:(?i)BALANCESHARDUNIQUE",
> "REGEX:(?i)REBALANCELEADERS",
> "REGEX:(?i)FORCELEADER",
> "REGEX:(?i)MIGRATESTATEFORMAT"]},
> "role":"genadmin"},
> {
> "name":"security-edit",
> "role":"admin"},
> {
> "name":"clustatus",
> "path":"/admin/collections",
> "params":{"action":["REGEX:(?i)CLUSTERSTATUS"]},
> "role":[
> "clustatus_role",
> "allgen"],
> "collection":null},
> {
> "name":"corestatus",
> "path":"/admin/cores",
> "params":{"action":["REGEX:(?i)STATUS"]},
> "role":[
> "allgen",
> "clustatus_role"],
> "collection":null},
> {
> "name":"trgadmin",
> "collection":"trg_col",
> "path":"/admin/*",
> "role":"trgadmin"},
> {
> "name":"open_select",
> "path":"/select/*",
> "role":null},
> {
> "name":"open_search",
> "path":"/search/*",
> "role":null},
> {
> "name":"catch-all-nocollection",
> "collection":null,
> "path":"/*",
> "role":"allgen"},
> {
> "name":"catch-all-collection",
> "path":"/*",
> "role":"allgen"},
> {
> "name":"all-admincol",
> "collection":null,
> "path":"/admin/collections",
> "role":"allgen"},
> {
> "name":"all-admincores",
> "collection":null,
> "path":"/admin/cores",
> "role":"allgen"}],
> "":{"v":5}}}
>
> -----Original Message-----
> From: Jan Høydahl <jan....@cominvent.com>
> Sent: Wednesday, December 11, 2019 7:35 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Solr8 changes how security.json restricts access to GUI
>
> Please show your complete Security.json so we know how auth is configured.
> Which 8.x version are you trying? There should be a login screen shown in
> admin UI now.
>
> Jan Høydahl
>
>> 11. des. 2019 kl. 22:40 skrev Oakley, Craig (NIH/NLM/NCBI) [C]
>> <craig.oak...@nih.gov.invalid>:
>>
>> In Solr 7, we had clauses in our security.json saying
>>
>> {
>> "name":"all-admin",
>> "collection":null,
>> "path":"/*",
>> "role":"allgen",
>> "index":15},
>> {
>> "name":"all-core-handlers",
>> "path":"/*",
>> "role":"allgen",
>> "index":16},
>>
>> We granted the role allgen to all users; but this kept our security folk
>> happy in that no one could even get to the top level of the Solr GUI without
>> a password.
>>
>> Now under Solr 8, the GUI does not prompt for a password. It just brings you
>> into the GUI (albeit a stripped down version, saying such things as "No
>> cores available"). By what means can we require a password to get this far?
>> And by what means can we prompt for a password in order to get further?
