lucene-dev mailing list archives

From "Nikolay Martynov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SOLR-12042) Authorization rules do not work as expected.
Date Tue, 27 Feb 2018 21:32:00 GMT
Nikolay Martynov created SOLR-12042:
---------------------------------------

             Summary: Authorization rules do not work as expected.
                 Key: SOLR-12042
                 URL: https://issues.apache.org/jira/browse/SOLR-12042
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication
    Affects Versions: 6.6.2
         Environment: SolrCloud, Linux.
            Reporter: Nikolay Martynov


Authentication rules do not work as expected: more permissions are given than desired.

This is an example of security.json:
{noformat}
{
 "authentication":{
   "blockUnknown":false,
   "class":"solr.BasicAuthPlugin",
   "credentials":{"admin":"XvyR9ddaDk/kVNBrhJHkeWhqTFQ2uAsv8tDOmkSDwkg= 3EiRiSQVKYnGDgOwBoY6NJNlOcoRuYZOoUMYB9hgpGw="},
   "":{"v":56}},
 "authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "user-role":{"admin":["admin"]},
   "":{"v":66},
   "permissions":[
     {
       "name":"read",
       "role":null,
       "index":1},
     {
       "path":"/admin/info/system",
       "collection":null,
       "role":null,
       "index":2},
     {
       "name":"all",
       "role":"admin",
       "index":3}]}}
{noformat}

With this, no authentication is required to create or delete a collection.
If one removes the second rule (the one with path), then authentication is required to create or destroy
a collection.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
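
A check for the rule shape in this report, as an added example that is not part of the original message or Solr's own code: it flags any permission with a custom `path`, `"collection":null` and `"role":null` that sits ahead of a role-restricted `all` permission. The function names are hypothetical, the credentials value is a constructed placeholder, and the check matches the configuration shape only; it does not model Solr's rule evaluation.

```python
import json

# Constructed sample mirroring the security.json in the report; the
# credentials value is a placeholder, not a real hash.
REPORTED = json.loads("""
{
 "authentication": {"blockUnknown": false, "class": "solr.BasicAuthPlugin",
                    "credentials": {"admin": "<placeholder-hash> <placeholder-salt>"}},
 "authorization": {
   "class": "solr.RuleBasedAuthorizationPlugin",
   "user-role": {"admin": ["admin"]},
   "permissions": [
     {"name": "read", "role": null, "index": 1},
     {"path": "/admin/info/system", "collection": null, "role": null, "index": 2},
     {"name": "all", "role": "admin", "index": 3}]}}
""")


def find_reported_shape(security):
    """Flag open path rules that precede a role-restricted 'all' rule (shape match only)."""
    perms = security.get("authorization", {}).get("permissions", [])
    # Position of the first catch-all rule that is limited to a role.
    all_pos = next((i for i, p in enumerate(perms)
                    if p.get("name") == "all" and p.get("role") is not None), None)
    if all_pos is None:
        return []
    findings = []
    for pos, perm in enumerate(perms[:all_pos]):
        open_role = "role" in perm and perm["role"] is None
        node_level = "collection" in perm and perm["collection"] is None
        if "path" in perm and open_role and node_level:
            findings.append({"position": pos + 1, "path": perm["path"],
                             "all_role": perms[all_pos]["role"]})
    return findings


def without_rule(security, position):
    """Copy of the config with the rule at 1-based `position` removed."""
    copy = json.loads(json.dumps(security))
    del copy["authorization"]["permissions"][position - 1]
    return copy


if __name__ == "__main__":
    for f in find_reported_shape(REPORTED):
        print("rule %(position)d: open path %(path)s precedes 'all' (role %(all_role)s); "
              "verify that collection create/delete still needs credentials" % f)
```

A finding marks a configuration to test against a live node with unauthenticated create and delete requests; an empty result says only that this particular shape is absent.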
