Authorization in Solr 6.6.0 Not Working Properly


Terry Steichen
I'm using 6.6.0 with security.json active, having the content shown
below.  I am running standalone mode, have two solr cores defined:
email1, and email2.  Since the 'blockUnknown' is set to false, everyone
should have access to any unprotected resource.  As you can see, I have
three users defined: joe, solr and terry (the latter two having an admin

What I expect to happen is for user joe (who is not an admin) to be able
to access core emails2 without being challenged for his credentials. 
But, user joe should also be challenged and not allowed to access emails1. 

But solr appears to ignore the "collections" portion of the permission -
it denies joe access to both cores. 

Is this a bug (in that auth doesn't work properly in 6.6.0 standalone),
or am I (once again) missing something?


{
    "authentication": {
        "class": "solr.BasicAuthPlugin",
        "blockUnknown": false,
        "credentials": {
            "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
            "joe": "P+aA0Bx811jzRwR97bOn/x/jyvpoKiHpWIRRXGAc8tg=",
            "terry": "oSaEbu/0TCg8UehLQ9zfoH3AvrJBqCaIoJkt547WIrc="
        },
        "": {
            "v": 0
        }
    },
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "user-role": {
            "solr": "admin",
            "terry": "admin"
        },
        "permissions": [
            {
                "collection": "emails1",
                "path": "/select",
                "role": "admin"
            }
        ]
    }
}
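
An added example, not part of the original post and not Solr code: a small Python check that reads a security.json shaped like the one in the post and reports permissions whose "collection" does not name a known core, roles that no user holds, and users with credentials but no role. The core names passed in (email1, email2) are the ones the post says are defined; the function names are hypothetical and the credential values are constructed placeholders.

```python
import json

# Constructed sample mirroring the post's security.json (placeholder credentials).
SECURITY_JSON = """
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": false,
    "credentials": {"solr": "<hash salt>", "joe": "<hash salt>", "terry": "<hash salt>"}
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "user-role": {"solr": "admin", "terry": "admin"},
    "permissions": [{"collection": "emails1", "path": "/select", "role": "admin"}]
  }
}
"""

def as_list(value):
    """Normalize a string, a list or a missing value to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_security(config, known_cores):
    """Return findings for rules that cannot match the cores/users as written."""
    authz = config.get("authorization", {})
    user_roles = authz.get("user-role", {})
    held_roles = {r for roles in user_roles.values() for r in as_list(roles)}
    findings = []
    for i, perm in enumerate(authz.get("permissions", [])):
        for coll in as_list(perm.get("collection")):
            if coll != "*" and coll not in known_cores:  # "*" = wildcard
                findings.append(f"permission {i}: collection '{coll}' "
                                f"is not one of {sorted(known_cores)}")
        for role in as_list(perm.get("role")):
            if role != "*" and role not in held_roles:
                findings.append(f"permission {i}: role '{role}' is held by no user")
    users = set(config.get("authentication", {}).get("credentials", {}))
    for user in sorted(users - set(user_roles)):
        findings.append(f"user '{user}' has credentials but no role")
    return findings

if __name__ == "__main__":
    for finding in lint_security(json.loads(SECURITY_JSON), {"email1", "email2"}):
        print(finding)
```

The check only compares names inside the file against the core list it is given; it does not evaluate how Solr 6.6.0 applies the rules.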