lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (SOLR-12948) Basic Auth login windows pops up with page loaded
Date Thu, 01 Nov 2018 14:36:00 GMT

     [ https://issues.apache.org/jira/browse/SOLR-12948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Høydahl resolved SOLR-12948.
--------------------------------
    Resolution: Invalid

Closing as invalid. This is not a support portal for asking questions. Please ask your question
in the solr-user mailing list [http://lucene.apache.org/solr/community.html#mailing-lists-irc]

There is no fine-grained authorization support in the Admin UI that would hide menus based
on who logs in or similar, so what you describe is by design. Using HTTP directly towards
the /select endpoint you should be able to do without authentication if you configured security.json
correctly.

Please do not reply in this Jira, but follow up on the solr-user mailing list.

> Basic Auth login windows pops up with page loaded
> -------------------------------------------------
>
>                 Key: SOLR-12948
>                 URL: https://issues.apache.org/jira/browse/SOLR-12948
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI
>    Affects Versions: 7.5
>            Reporter: Wei Liao
>            Priority: Major
>         Attachments: Screenshot from 2018-10-31 14-30-09.png
>
>
> I've enabled basic auth in my solr 7.5 installation (with no blockUnknown), created an
admin role and added all of the [predefined permission|https://lucene.apache.org/solr/guide/7_5/rule-based-authorization-plugin.html]
(except read and all) to the role, and created an admin user with that role.
> What I wanted to do, is to enable public access only to the /select for querying, and
password protect everything else.
> With this, I can hit /select without authentication, but when I browse to the admin UI,
the login window pops up as I'd expect, but the dashboard page also loaded up, see attached.
I'd have expected nothing's showing except the login.
> If this is the wrong approach to what I needed, I'm interested in what you guys do to
achieve this.
> Thanks!
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message