lucene-dev mailing list archives

From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-8429) add a flag blockUnauthenticated to BasicAutPlugin
Date Thu, 17 Dec 2015 11:39:46 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061937#comment-15061937 ]

Jan Høydahl commented on SOLR-8429:
-----------------------------------

bq. I don't wish to tie this to luceneMatchVersion
Thinking a bit more, luceneMatchVersion wouldn't work here anyway, since we're talking node-level
config and not collection-level? Still I think a new default setting can be introduced with
proper release note documentation.

bq. So the assumption was that most of them did not need any security (or they had alternate
solutions).
My clients mostly use Container managed security in Jetty/Tomcat, and some use SSL client
certificate authentication - both solutions lock down the entire /solr namespace. Guess there
are plenty of these out there on older versions looking to switch to Solr managed security.

So, with this new flag enabled, what if you want to add rulesBasedAuthorization and explicitly
open up a certain path, say {{/solr/foo/select}} to unauthenticated users. Would that be possible,
or would the enforcing of auth happen before the authz plugin can decide?

> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
>                 Key: SOLR-8429
>                 URL: https://issues.apache.org/jira/browse/SOLR-8429
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> If authentication is set up with BasicAuthPlugin, it lets all requests go through if
no credentials are passed. This was done to have minimal impact for users who only wish
to protect a few end points (say, collection admin and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests to go in




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
