[
https://issues.apache.org/jira/browse/SOLR-13649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16911042#comment-16911042
]
Marcus Eagan commented on SOLR-13649:
-------------------------------------
for people watching this issue, I have added the appropriate tests and now
throw an exception if a user attempts to delete the final user or enable the
basic auth plugin without at least one user.
> BasicAuth's 'blockUnknown' param should default to true
> -------------------------------------------------------
>
> Key: SOLR-13649
> URL: https://issues.apache.org/jira/browse/SOLR-13649
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, Authentication, security
> Affects Versions: 7.7.2, 8.1.1
> Environment: All
> Reporter: Marcus Eagan
> Priority: Major
> Labels: Authentication
> Fix For: master (9.0)
>
> Time Spent: 4h
> Remaining Estimate: 0h
>
> If someone seeks to enable basic authentication but they do not specify the
> {{blockUnknown}} parameter, the default value is {{false}}. That default
> behavior is a bit counterintuitive because if someone wishes to enable basic
> authentication, you would expect that they would want all unknown users to
> need to authenticate by default. I can imagine cases where you would not, but
> those cases would be less frequent.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
