[ https://issues.apache.org/jira/browse/SOLR-13649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16911042#comment-16911042 ]
Marcus Eagan commented on SOLR-13649: ------------------------------------- for people watching this issue, I have added the appropriate tests and now throw an exception if a user attempts to delete the final user or enable the basic auth plugin without at least one user. > BasicAuth's 'blockUnknown' param should default to true > ------------------------------------------------------- > > Key: SOLR-13649 > URL: https://issues.apache.org/jira/browse/SOLR-13649 > Project: Solr > Issue Type: Improvement > Components: Admin UI, Authentication, security > Affects Versions: 7.7.2, 8.1.1 > Environment: All > Reporter: Marcus Eagan > Priority: Major > Labels: Authentication > Fix For: master (9.0) > > Time Spent: 4h > Remaining Estimate: 0h > > If someone seeks to enable basic authentication but they do not specify the > {{blockUnknown}} parameter, the default value is {{false}}. That default > behavior is a bit counterintuitive because if someone wishes to enable basic > authentication, you would expect that they would want all unknown users to > need to authenticate by default. I can imagine cases where you would not, but > those cases would be less frequent. -- This message was sent by Atlassian Jira (v8.3.2#803003) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org