[jira] [Updated] (SOLR-18010) Adding a new role corrupts security.json file

Tue, 02 Dec 2025 02:45:04 -0800 


     [ 
https://issues.apache.org/jira/browse/SOLR-18010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rich M updated SOLR-18010:
--------------------------
    Affects Version/s: 9.8
                           (was: 9.8.1)

> Adding a new role corrupts security.json file
> ---------------------------------------------
>
>                 Key: SOLR-18010
>                 URL: https://issues.apache.org/jira/browse/SOLR-18010
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: SolrCLI
>    Affects Versions: 9.8
>         Environment: Windows
> Solr 9.8.1
>            Reporter: Rich M
>            Priority: Critical
>         Attachments: image-2025-12-02-16-09-45-876.png
>
>
> Do following steps after installing Solr.
> *Step 1:*
> Create a new security.json at \solr-9.8.0\server\solr\ with following 
> contents:
> (same as given here - 
> https://solr.apache.org/guide/solr/latest/deployment-guide/authentication-and-authorization-plugins.html#configuring-security-json)
> {code:java}
> {
> "authentication":{
>    "class":"solr.BasicAuthPlugin",
>    "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= 
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
> },
> "authorization":{
>    "class":"solr.RuleBasedAuthorizationPlugin",
>    "permissions":[{"name":"security-edit",
>       "role":"admin"}],
>    "user-role":{"solr":"admin"}
> }}{code}
> Step 2:
> Login with solr user, password - SolrRocks
> Go to 'Security'
> create a new role with a new role
> Error below appears and security.json gets corrupted.
> !image-2025-12-02-16-09-45-876.png|width=550,height=246!
> The json automatically gets updated to:
> {code:java}
> {
>   "authentication":{
>     "class":"solr.BasicAuthPlugin",
>     "credentials":{
>       "solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= 
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
>       "test1":"VF04APKPG4SRcJ8iuBrC37xMsZO3mYm5b+vsvsqIuwQ= 
> g0N/69rk7g/U3L3PZO3zsed5txIfdO0G0/Iyzoru+1I="},
>     "":{"v":0}},
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "permissions":[
>       {
>         "name":"security-edit",
>         "role":"admin",
>         "index":1},
>       {
>         "name":"collection-admin-read",
>         "role":["all-read-only"],
>         "index":2},
>       {
>         "name":"config-read",
>         "role":["all-read-only"],
>         "index":3}],
>     "user-role":{
>       "solr":"admin",
>       "test1":["all-read-only"]},
>     "":{"v":0}}}0}}}{code}
> and this is not a valid json anymore.
> As a result, the 'solr' user is not usable anymore.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to