[ https://issues.apache.org/jira/browse/SOLR-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16885186#comment-16885186 ]
ASF subversion and git services commented on SOLR-13619: -------------------------------------------------------- Commit 4c83fbb4a1dd609189543e5e36ecd85eae08ef72 in lucene-solr's branch refs/heads/branch_8_2 from Ishan Chattopadhyaya [ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=4c83fbb ] SOLR-13619: Kerberos plugin to forward original user principal > Kerberos: 403 when node doesn't host collection > ----------------------------------------------- > > Key: SOLR-13619 > URL: https://issues.apache.org/jira/browse/SOLR-13619 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Ishan Chattopadhyaya > Assignee: Ishan Chattopadhyaya > Priority: Major > Attachments: SOLR-13619.patch > > > This is a spin off from SOLR-13472, specifically to tackle the Kerberos case. > Here's the security.json to reproduce the same problem as of SOLR-13472: > {code} > { > "authentication": {"class": "org.apache.solr.security.KerberosPlugin"}, > "authorization": { > "class": "solr.RuleBasedAuthorizationPlugin", > "permissions": [ > { > "name": "read", > "role": "*" > }, > { > "name": "update", > "role": [ > "indexer", > "admin" > ] > }, > { > "name": "all", > "role": "admin" > } > ], > "user-role": { > "HTTP/so...@example.com": "admin", > "HTTP/so...@example.com": "admin", > "cli...@example.com": "indexer" > } > } > } > {code} > Here, cli...@example.com should be able to issue /update and /select requests > to both solr1 and solr2, but it throws 403 for the node that doesn't host the > collection. -- This message was sent by Atlassian JIRA (v7.6.14#76016) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org