[ https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-8429: ----------------------------- Description: If authentication is setup with BasicAuthPlugin, it let's all requests go through if no credentials are passed. This was done to have minimal impact for users who only wishes to protect a few end points (say , collection admin and core admin only) We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests to go in the users can create the first security.json with that {code} {code} was: If authentication is setup with BasicAuthPlugin, it let's all requests go through if no credentials are passed. This was done to have minimal impact for users who only wishes to protect a few end points (say , collection admin and core admin only) We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests to go in > add a flag blockUnknown to BasicAutPlugin > ----------------------------------------- > > Key: SOLR-8429 > URL: https://issues.apache.org/jira/browse/SOLR-8429 > Project: Solr > Issue Type: Improvement > Reporter: Noble Paul > Assignee: Noble Paul > > If authentication is setup with BasicAuthPlugin, it let's all requests go > through if no credentials are passed. This was done to have minimal impact > for users who only wishes to protect a few end points (say , collection admin > and core admin only) > We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests > to go in > the users can create the first security.json with that > {code} > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org