[ https://issues.apache.org/jira/browse/SOLR-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl updated SOLR-9640: ------------------------------ Attachment: SOLR-9640.patch Attaching patch which works with my limited testing * Fix bug in SolrDispatchFilter - path {{/admin/info/key}} should always be open. It required authentication since we were comparing with {{getPathInfo}} instead of {{getServletPath}} * Always register PKIAuthenticationPlugin in CoreContainer * In {{PKIAuthenticationPlugin.getRemotePublicKey()}} generate URL for node based on {{nodeName}} when not running ZK mode Local testing with manual sharding between two standalone nodes works, the PKI kicks in. Have not tested with /replication etc. h3. Todo: * Write a unit test * Generating nodeName from {{host}} and {{port}} properties of CloudConfig, which seems a bit odd when not running cloud. Could we move these three lines outside the {{<solrcloud>}} tag in {{solr.xml}}? {code:xml} <str name="host">${host:}</str> <int name="hostPort">${jetty.port:8983}</int> <str name="hostContext">${hostContext:solr}</str> {code} * Generating urlScheme based on whether an ssl property is set, since we do not have access to clusterProps. Is this the best way? {code} urlScheme = System.getProperty("solr.jetty.keystore") == null ? "http" : "https"; {code} > Support PKI authentication in standalone mode > --------------------------------------------- > > Key: SOLR-9640 > URL: https://issues.apache.org/jira/browse/SOLR-9640 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: security > Reporter: Jan Høydahl > Attachments: SOLR-9640.patch > > > While working with SOLR-9481 I managed to secure Solr standalone on a > single-node server. However, when adding > {{&shards=localhost:8081/solr/foo,localhost:8082/solr/foo}} to the request, I > get 401 error. > To solve it we either need to add support for inter-node stuff in all the > plugins, but it would be sweet if the PKI stuff would work also for > standalone. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org