[jira] [Updated] (SOLR-13097) RuleBasedAuthorizationPlugin is not fully fonctionnal in Solr standalone mode

Wed, 02 Jan 2019 11:35:07 -0800 


     [ 
https://issues.apache.org/jira/browse/SOLR-13097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dominique Béjean updated SOLR-13097:
------------------------------------
    Environment: Solr standalone

> RuleBasedAuthorizationPlugin is not fully fonctionnal in Solr standalone mode
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-13097
>                 URL: https://issues.apache.org/jira/browse/SOLR-13097
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 6.6.5, 7.5
>         Environment: Solr standalone
>            Reporter: Dominique Béjean
>            Priority: Major
>
> In Solr standalone mode, the collections element of the request context is 
> not populated by the core name.
> For instance, the following request:
> {code:java}
> http://user1:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json{code}
> reports this in log:
> {code:java}
> 2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] 
> o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : 
> userPrincipal: [[principal: 2]] type: [READ], collections: [], Path: 
> [/select] path : /select params :q=:&indent=on&wt=json{code}
> The consequence is that RuleBasedAuthorizationPlugin is not able to apply 
> this kind of permission:
> {code:java}
> {"name":"read-biblio",
>  "path":"/select",
>  "role":["admin","read","r1"],
>  "collection":"biblio",
>  "index":2}{code}
> In Solrcloud mode in the init() method of HttpSolrCall.java, the collections 
> element is populated with either the collection name matching the core name 
> in the request or the collection names provided in the collection parameter.
> {code:java}
> if (cores.isZooKeeperAware()) {
>      // init collectionList (usually one name but not when there are aliases)
>      String def = core != null ? core.getCoreDescriptor().getCollectionName() 
> : origCorename;
>      collectionsList = 
> resolveCollectionListOrAlias(queryParams.get(COLLECTION_PROP, def)); // 
> &collection= takes precedence
>     ...
> }{code}
>  
> I expect init() method could be improved in order to populate collections 
> element with the core name for Solr standalone mode.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to