lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Lee <kgle...@yahoo.com.INVALID>
Subject Re: Issue Using Solr 5.3 Authentication and Authorization Plugins
Date Mon, 31 Aug 2015 21:40:08 GMT
Anyone else running into any issues trying to get the authentication and authorization plugins
in 5.3 working?

> On Aug 29, 2015, at 2:30 AM, Kevin Lee <kglee79@yahoo.com.INVALID> wrote:
> 
> Hi,
> 
> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t seem to be
working quite right.  Not sure if I’m missing steps or there is a bug.  I am able to get
it to protect access to a URL under a collection, but am unable to get it to secure access
to the Admin UI.  In addition, after stopping the Solr and Zookeeper instances, the security.json
is still in Zookeeper, however Solr is allowing access to everything again like the security
configuration isn’t in place.
> 
> Contents of security.json taken from wiki page, but edited to produce valid JSON.  Had
to move comma after 3rd from last “}” up to just after the last “]”.
> 
> {
> "authentication":{
>   "class":"solr.BasicAuthPlugin",
>   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
> },
> "authorization":{
>   "class":"solr.RuleBasedAuthorizationPlugin",
>   "permissions":[{"name":"security-edit",
>      "role":"admin"}],
>   "user-role":{"solr":"admin"}
> }}
> 
> Here are the steps I followed:
> 
> Upload security.json to zookeeper
> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile /security.json
~/solr/security.json
> 
> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at /security.json.
 It is there and looks like what was originally uploaded.
> 
> Start Solr Instances
> 
> Attempt to create a permission, however get the following error:
> {
>  "responseHeader":{
>    "status":400,
>    "QTime":0},
>  "error":{
>    "msg":"No authorization plugin configured",
>    "code":400}}
> 
> Upload security.json again.
> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile /security.json
~/solr/security.json
> 
> Issue the following to try to create the permission again and this time it’s successful.
> // Create a permission for mysearch endpoint
>            curl --user solr:SolrRocks -H 'Content-type:application/json' -d '{"set-permission":
{"name":"mycollection-search","collection": “mycollection","path":”/mysearch","role":
"search-user"}}' http://localhost:8983/solr/admin/authorization
>    
>    {
>      "responseHeader":{
>        "status":0,
>        "QTime":7}}
>    
> Issue the following commands to add users
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json'
-d '{"set-user": {"admin" : “password" }}’
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json'
-d '{"set-user": {"user" : “password" }}'
> 
> Issue the following command to add permission to users
> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ "set-user-role" : {"admin":
["search-user", "admin"]}}' http://localhost:8983/solr/admin/authorization
> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{ "set-user-role" : {"user":
["search-user"]}}' http://localhost:8983/solr/admin/authorization
> 
> After executing the above, access to /mysearch is protected until I restart the Solr
and Zookeeper instances.  However, the admin UI is never protected like the Wiki page says
it should be once activated.
> 
> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin>
> 
> Why does the authentication and authorization plugin not stay activated after restart
and why is the Admin UI never protected?  Am I missing any steps?
> 
> Thanks,
> Kevin

Mime
View raw message