Ishan Chattopadhyaya created SOLR-13619:
-------------------------------------------
Summary: Kerberos: 403 when node doesn't host collection
Key: SOLR-13619
URL: https://issues.apache.org/jira/browse/SOLR-13619
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Ishan Chattopadhyaya
Assignee: Ishan Chattopadhyaya
This is a spin off from SOLR-13472, specifically to tackle the Kerberos case.
Here's the security.json to reproduce the same problem as of SOLR-13472:
{code}
{
"authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "read",
"role": "*"
},
{
"name": "update",
"role": [
"indexer",
"admin"
]
},
{
"name": "all",
"role": "admin"
}
],
"user-role": {
"HTTP/so...@example.com": "admin",
"HTTP/so...@example.com": "admin",
"cli...@example.com": "indexer"
}
}
}
{code}
Here, cli...@example.com should be able to issue /update and /select requests
to both solr1 and solr2, but it throws 403 for the node that doesn't host the
collection.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
