Yes, it works!
Thanks a lot!
El vie., 28 feb. 2020 20:15, Oakley, Craig (NIH/NLM/NCBI) [C]
<craig.oak...@nih.gov.invalid> escribió:
> I have found that for admin commands you may need to include
> "collection":null
> {
> "name":"admin-info-system2",
> "path":"/admin/*",
> "collection":null,
> "role":"*"}
>
>
> -----Original Message-----
> From: Jesús Roca <xes...@gmail.com>
> Sent: Friday, February 28, 2020 2:10 PM
> To: solr-user@lucene.apache.org
> Subject: Limiting access to /admin path
>
> Hello,
>
> I have a Solr 7.7.2 instance with basic authentication.
>
> Anyone knows how to limit only to authenticated users the access to /admin
> path?
> For example to:
>
> https://localhost:8983/solr/admin/info/system
>
> When I access to that section this is the log generated:
> 2020-02-28 18:05:58.896 INFO (qtp694316372-17) [ ] o.a.s.s.HttpSolrCall
> [admin] webapp=null path=/admin/info/system params={} status=0 QTime=36
>
> I have added the following custom permission, but it doesn't block the
> unauthenticated request to that section:
>
> "permissions":[
> {
> "name":"admin-info-system",
> "path":"/admin/info/system",
> "role":"*"}
> ],
>
> If I create the following custom permissions with diferent path:
>
> "permissions":[
> {
> "name":"admin-info-system1",
> "path":"/select/*",
> "role":"*"},
> {
> "name":"admin-info-system2",
> "path":"/admin/*",
> "role":"*"}
> ],
>
> Then, I have to authenticate when I query a collection, but I can still
> access to /admin/info/system or /admin/collections?action=CLUSTERSTATUS
>
> Definitely, I don't know how to block unauthenticated access to /admin path
> without add the blockUnknown=true attribute but, if I do that, all the
> request will have to be authenticated and I didn't.
>
> Thanks in advance!
>
