lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jérémy <mer...@gmail.com>
Subject Solr RuleBasedAuthorizationPlugin question
Date Fri, 03 May 2019 21:22:46 GMT
Hi,

I hope that this question wasn't answered already, but I couldn't find what
I was looking for in the archives.

I'm having a hard time to use solr with the BasicAuth and
RoleBasedAuthorization plugins.
The auth part works well but I have issues with the RoleBasedAuthorization
part. I'd like to have an admin role and a readonly one. I have two users,
each having one role. However both of them can create cores, delete
documents etc...

Here's my security.json:
{
  "authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "adminuser": "adminpwd",
      "readuser": "readpwd"
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "read",
        "role": "readonly"
      },
      {
        "name": "security-edit",
        "role": "admin"
      }
    ],
    "user-role": {
      "readuser": "readonly",
      "adminuser": "admin"
    }
  }
}

I tried that with Solr 7.7.0 and 8.0.0, in cloud and standalone mode. I
can't figure out why the readuser can delete documents.

Any help is appreciated!

Thanks,
Jeremy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message