Hi,
I created a Jira issue
https://issues.apache.org/jira/browse/SOLR-13097
Regards.
Dominique
Le lun. 31 déc. 2018 à 11:26, Dominique Bejean <dominique.bej...@eolya.fr>
a écrit :
> Hi,
>
> In debugging mode, I discovered that only in SolrCloud mode the collection
> name is extract from the request path in the init() method of
> HttpSolrCall.java
>
> if (cores.isZooKeeperAware()) {
> // init collectionList (usually one name but not when there are
> aliases)
> ...
> }
>
> So in Solr standalone mode, only authentication is fully fonctionnal, not
> authorization !
>
> Regards.
>
> Dominique
>
>
>
>
>
> Le dim. 30 déc. 2018 à 13:40, Dominique Bejean <dominique.bej...@eolya.fr>
> a écrit :
>
>> Hi,
>>
>> After reading more carefully the log file, here is my understanding.
>>
>> The request
>>
>> http://2:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json
>>
>>
>> report this in log
>>
>> 2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio]
>> o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context :
>> userPrincipal: [[principal: 2]] type: [READ], collections: [], Path:
>> [/select] path : /select params :q=*:*&indent=on&wt=json
>>
>> collections is empty, so it looks like "/select" is not collection
>> specific and so it is not possible to define read access by collection.
>>
>> Can someone confirm ?
>>
>> Regards
>>
>> Dominique
>>
>>
>>
>>
>>
>> Le ven. 21 déc. 2018 à 10:46, Dominique Bejean <dominique.bej...@eolya.fr>
>> a écrit :
>>
>>> Hi,
>>>
>>> I am trying to configure security.json file, in order to define the
>>> following users and permissions :
>>>
>>> - user "admin" with all permissions on all collections
>>> - user "read" with read permissions on all collections
>>> - user "1" with only read permissions on biblio collection
>>> - user "2" with only read permissions on personnes collection
>>>
>>> Here is my security.json file
>>>
>>> {
>>> "authentication":{
>>> "blockUnknown":true,
>>> "class":"solr.BasicAuthPlugin",
>>> "credentials":{
>>> "admin":"4uwfcjV7bCqOdLF/Qn2wiTyC7zIWN6lyA1Bgp1yqZj0=
>>> 7PCh68vhIlZXg1l45kSlvGKowMg1bm/L3eSfgT5dzjs=",
>>> "read":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk=
>>> gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>>> "1":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk=
>>> gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>>> "2":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk=
>>> gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo="},
>>> "":{"v":0}},
>>> "authorization":{
>>> "class":"solr.RuleBasedAuthorizationPlugin",
>>> "permissions":[
>>> {
>>> "name":"all",
>>> "role":"admin",
>>> "index":1},
>>> {
>>> "name":"read-biblio",
>>> "path":"/select",
>>> "role":["admin","read","r1"],
>>> "collection":"biblio",
>>> "index":2},
>>> {
>>> "name":"read-personnes",
>>> "path":"/select",
>>> "role":["admin","read","r2"],
>>> "collection":"personnes",
>>> "index":3},
>>> {
>>> "name":"read",
>>> "collection":"*",
>>> "role":["admin","read"],
>>> "index":4}],
>>> "user-role":{
>>> "admin":"admin",
>>> "read":"read",
>>> "1":"r1",
>>> "2":"r2"}
>>> }
>>> }
>>>
>>>
>>> I have a 403 errors for user 1 on biblio and user 2 on personnes while
>>> using the "/select" requestHandler. However according to r1 and r2 roles
>>> and premissions order, the access should be allowed.
>>>
>>> I have duplicated the TestRuleBasedAuthorizationPlugin.java class in
>>> order to test these exact same permissions and roles. checkRules reports
>>> access is allowed !!!
>>>
>>> I don't understand where is the problem. Any ideas ?
>>>
>>> Regards
>>>
>>> Dominique
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
