lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-8429) add a flag blockUnauthenticated to BasicAutPlugin
Date Thu, 17 Dec 2015 00:25:46 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061208#comment-15061208
] 

Jan Høydahl commented on SOLR-8429:
-----------------------------------

Let's make it default to true from 5.5, aligning with what people expect after enabling auth
in any piece of software. We can fix back-compat using {{luceneMatchVersion}}, or I'm also
OK with treating this as a Bug, documenting the change in CHANGES, since the refGuide does
not even mention the current behavior.

Is it at all possible with 5.4 to make BasicAuth work without also specifying authorization?

> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
>                 Key: SOLR-8429
>                 URL: https://issues.apache.org/jira/browse/SOLR-8429
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> If authentication is setup with BasicAuthPlugin, it let's all requests go through if
no credentials are passed. This was done to have minimal impact for users who only wishes
to protect a few end points (say , collection admin and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests to go in




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message