[
https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061937#comment-15061937
]
Jan Høydahl commented on SOLR-8429:
-----------------------------------
bq. I don't wish to tie this to luceneMatchVersion
Thinking a bit more, luceneMatchVersion wouldn't work here anyway, since we're
talking node-level config and not collection-level? Still I think a new default
setting can be introduced with proper release note documentation.
bq. So the assumption was that most of them did not need any security (or they
had alternate solutions).
My clients mostly use Container managed security in Jetty/Tomcat, and some use
SSL client certificate authentication - both solutions lock down the entire
/solr namespace. Guess there are plenty of these out there on older versions
looking to switch to Solr managed security.
So, with this new flag enabled, what if you want to add rulesBasedAuthorization
and explicitly open up a certain path, say {{/solr/foo/select}} to
unauthenticated users. Would that be possible, or would the enforcing of auth
happen before the authz plugin can decide?
> add a flag blockUnauthenticated to BasicAuthPlugin
> --------------------------------------------------
>
> Key: SOLR-8429
> URL: https://issues.apache.org/jira/browse/SOLR-8429
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> If authentication is set up with BasicAuthPlugin, it lets all requests go
> through if no credentials are passed. This was done to have minimal impact
> for users who only wish to protect a few end points (say, collection admin
> and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests
> to go in