lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cody Rathgeber <c...@yellowpencil.com>
Subject SOLR 6.6 Restrict access to specific collections
Date Wed, 28 Jun 2017 17:46:38 GMT
Hello,


I’m trying to create custom rules to work with the Solr  Rule Based Authorization Plugin.
https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html <https://lucene.apache.org/solr/guide/6_6/rule-based-authorization-plugin.html>
. I have a basic security.json uploaded to zookeeper and working etc. the Issue i’m having
is the pre-created rules apply to all collections. I found a few guides saying you could do
something like the code below, to restrict access to collections to specific roles, however
on newer versions of solr it doesn’t seem to like the syntax in the .json and can’t parse
it. Anyone have any experience with this and can point me in the right direction?

curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d
'{ 
  "set-permission": { "name":"a-custom-permission-name",
                      "collection":"gettingstarted",
                      "path":”/update"
                      "role": "dev"
   }

Basically we are planning on having a solrcloud cluster on a privately accessible network
clients webserver’s can hit, however we need a way to lock down each collection to ensure
each client can only hit their own collection. It’s already IP restricted to the webservers.

Thanks,
Cody
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message