lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Heisey <apa...@elyograg.org>
Subject Re: Resend: Authorization on 6.6.0
Date Tue, 13 Mar 2018 03:15:51 GMT
On 3/12/2018 8:39 PM, Terry Steichen wrote:
> I'm increasingly of the view that Solr's authentication/authorization
> mechanism doesn't work correctly in a _standalone_ mode.  It was present
> in the cloud mode for quite a few versions back, but as of 6.0.0 (or so)
> it was supposed to be available in standalone mode too.  It seems to
> partly work (when using the built-in permissions), but does not seem to
> work with customized, core-specific permissions.

I suspected based on your last message that the authorization feature 
might only work correctly in SolrCloud.  The entire authentication 
feature was designed for SolrCloud.  Version 6.5 brought the 
security.json file to standalone mode.  This was LONG after the feature 
was introduced in 5.2 and had a LOT of bugs fixed in the three 5.3.x 
releases.

I just found the section in the documentation confirming what I suspected.

https://lucene.apache.org/solr/guide/7_2/authentication-and-authorization-plugins.html#authorization

There is a note here that says "The authorization plugin is only 
supported in SolrCloud mode. Also, reloading the plugin isn’t yet 
supported and requires a restart of the Solr installation (meaning, the 
JVM should be restarted, not simply a core reload)."  The 6.6 
documentation contains the same note that you can see here in the latest 
docs.

I have no idea how hard it would be to extend the authorization plugin 
to support standalone cores as well as collections.  I imagine that if 
it were easy, it would have been done already.

Thanks,
Shawn


Mime
View raw message