[
https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15062022#comment-15062022
]
Noble Paul commented on SOLR-8429:
----------------------------------
If {{"blockUnauthenticated":true}} is set , you don't have the choice of
allowing any path without authentication
However you can do the following . create a permission called {{all}} (
SOLR-8428 ) and then explicitly open up the path {{/solr/foo/select}} using a
wild card role {{role:"*"}} ( SOLR-8434 ). The rules would look like the
follows
{code}
{
"authorization" :{
"permissions":[
{"name": "foo-read",
"collection": "foo",
"path": "/select",
"role": null},
{"name":"all" ,
"role": "*"}]}}
{code}
> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
> Key: SOLR-8429
> URL: https://issues.apache.org/jira/browse/SOLR-8429
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> If authentication is setup with BasicAuthPlugin, it let's all requests go
> through if no credentials are passed. This was done to have minimal impact
> for users who only wishes to protect a few end points (say , collection admin
> and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests
> to go in
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
