On 3/12/2018 8:39 PM, Terry Steichen wrote:
I'm increasingly of the view that Solr's authentication/authorization
mechanism doesn't work correctly in a _standalone_ mode. It was present
in the cloud mode for quite a few versions back, but as of 6.0.0 (or so)
it was supposed to be available in standalone mode too. It seems to
partly work (when using the built-in permissions), but does not seem to
work with customized, core-specific permissions.
I suspected based on your last message that the authorization feature
might only work correctly in SolrCloud. The entire authentication
feature was designed for SolrCloud. Version 6.5 brought the
security.json file to standalone mode. This was LONG after the feature
was introduced in 5.2 and had a LOT of bugs fixed in the three 5.3.x
releases.
I just found the section in the documentation confirming what I suspected.
https://lucene.apache.org/solr/guide/7_2/authentication-and-authorization-plugins.html#authorization
There is a note here that says "The authorization plugin is only
supported in SolrCloud mode. Also, reloading the plugin isn’t yet
supported and requires a restart of the Solr installation (meaning, the
JVM should be restarted, not simply a core reload)." The 6.6
documentation contains the same note that you can see here in the latest
docs.
I have no idea how hard it would be to extend the authorization plugin
to support standalone cores as well as collections. I imagine that if
it were easy, it would have been done already.
Thanks,
Shawn
