[
https://issues.apache.org/jira/browse/SOLR-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16885186#comment-16885186
]
ASF subversion and git services commented on SOLR-13619:
--------------------------------------------------------
Commit 4c83fbb4a1dd609189543e5e36ecd85eae08ef72 in lucene-solr's branch
refs/heads/branch_8_2 from Ishan Chattopadhyaya
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=4c83fbb ]
SOLR-13619: Kerberos plugin to forward original user principal
> Kerberos: 403 when node doesn't host collection
> -----------------------------------------------
>
> Key: SOLR-13619
> URL: https://issues.apache.org/jira/browse/SOLR-13619
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Major
> Attachments: SOLR-13619.patch
>
>
> This is a spin off from SOLR-13472, specifically to tackle the Kerberos case.
> Here's the security.json to reproduce the same problem as of SOLR-13472:
> {code}
> {
> "authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
> "authorization": {
> "class": "solr.RuleBasedAuthorizationPlugin",
> "permissions": [
> {
> "name": "read",
> "role": "*"
> },
> {
> "name": "update",
> "role": [
> "indexer",
> "admin"
> ]
> },
> {
> "name": "all",
> "role": "admin"
> }
> ],
> "user-role": {
> "HTTP/so...@example.com": "admin",
> "HTTP/so...@example.com": "admin",
> "cli...@example.com": "indexer"
> }
> }
> }
> {code}
> Here, cli...@example.com should be able to issue /update and /select requests
> to both solr1 and solr2, but it throws 403 for the node that doesn't host the
> collection.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
