Timothy Potter created SOLR-15573:
-------------------------------------

             Summary: The `bin/solr auth` utility updates `solr.in.sh` to set 
`solr.httpclient.config` to point to `basicAuth.conf` which allows access to 
the UI without logging in
                 Key: SOLR-15573
                 URL: https://issues.apache.org/jira/browse/SOLR-15573
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Timothy Potter
            Assignee: Timothy Potter


These env vars get set in {{solr.in.sh}}:

{code}
# The following lines added by ./solr for enabling BasicAuth
SOLR_AUTH_TYPE="basic"
SOLR_AUTHENTICATION_OPTS="-Dsolr.httpclient.config=/Users/tjp/dev/oss/lucene-solr-8x/solr/server/solr/basicAuth.conf"
{code}

When you visit the Admin UI, there's no login / logout (b/c the UI relies on 
seeing a 401 from the server when auth is enabled but since basicAuth.conf 
supplies the credentials, requests pass through?). This also confuses the new 
Security UI b/c it depends on having a username.

The security section that comes back from {{admin/system/info}} doesn't have a 
username, which means the {{req.getUserPrincipal()}} is null?

I didn't catch this initially when testing the new security UI against 8x as I 
supplied my own security.json with a different realm name.


