Hi,

I created a Jira issue https://issues.apache.org/jira/browse/SOLR-13097

Regards.

Dominique

On Mon, Dec 31, 2018 at 11:26, Dominique Bejean <dominique.bej...@eolya.fr> wrote:

> Hi,
>
> In debugging mode, I discovered that only in SolrCloud mode the collection
> name is extracted from the request path in the init() method of
> HttpSolrCall.java
>
> if (cores.isZooKeeperAware()) {
>   // init collectionList (usually one name but not when there are aliases)
>   ...
> }
>
> So in Solr standalone mode, only authentication is fully functional, not
> authorization!
>
> Regards.
>
> Dominique
>
> On Sun, Dec 30, 2018 at 13:40, Dominique Bejean <dominique.bej...@eolya.fr>
> wrote:
>
>> Hi,
>>
>> After reading the log file more carefully, here is my understanding.
>>
>> The request
>>
>> http://2:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json
>>
>> reports this in the log
>>
>> 2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : userPrincipal: [[principal: 2]] type: [READ], collections: [], Path: [/select] path : /select params :q=*:*&indent=on&wt=json
>>
>> collections is empty, so it looks like "/select" is not collection
>> specific and so it is not possible to define read access by collection.
>>
>> Can someone confirm?
>>
>> Regards
>>
>> Dominique
>>
>> On Fri, Dec 21, 2018 at 10:46, Dominique Bejean <dominique.bej...@eolya.fr>
>> wrote:
>>
>>> Hi,
>>>
>>> I am trying to configure the security.json file, in order to define the
>>> following users and permissions:
>>>
>>> - user "admin" with all permissions on all collections
>>> - user "read" with read permissions on all collections
>>> - user "1" with only read permissions on biblio collection
>>> - user "2" with only read permissions on personnes collection
>>>
>>> Here is my security.json file
>>>
>>> {
>>>   "authentication":{
>>>     "blockUnknown":true,
>>>     "class":"solr.BasicAuthPlugin",
>>>     "credentials":{
>>>       "admin":"4uwfcjV7bCqOdLF/Qn2wiTyC7zIWN6lyA1Bgp1yqZj0= 7PCh68vhIlZXg1l45kSlvGKowMg1bm/L3eSfgT5dzjs=",
>>>       "read":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>>>       "1":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo=",
>>>       "2":"azUFSo9/plsGkQGhSQuk8YXoir22pALVpP8wFkd7wlk= gft4wNAeuvz7P8bv/Jv6TK94g516/qXe9cFWe/VlhDo="},
>>>     "":{"v":0}},
>>>   "authorization":{
>>>     "class":"solr.RuleBasedAuthorizationPlugin",
>>>     "permissions":[
>>>       {
>>>         "name":"all",
>>>         "role":"admin",
>>>         "index":1},
>>>       {
>>>         "name":"read-biblio",
>>>         "path":"/select",
>>>         "role":["admin","read","r1"],
>>>         "collection":"biblio",
>>>         "index":2},
>>>       {
>>>         "name":"read-personnes",
>>>         "path":"/select",
>>>         "role":["admin","read","r2"],
>>>         "collection":"personnes",
>>>         "index":3},
>>>       {
>>>         "name":"read",
>>>         "collection":"*",
>>>         "role":["admin","read"],
>>>         "index":4}],
>>>     "user-role":{
>>>       "admin":"admin",
>>>       "read":"read",
>>>       "1":"r1",
>>>       "2":"r2"}
>>>   }
>>> }
>>>
>>> I have 403 errors for user 1 on biblio and user 2 on personnes while
>>> using the "/select" requestHandler. However, according to the r1 and r2
>>> roles and the permissions order, the access should be allowed.
>>>
>>> I have duplicated the TestRuleBasedAuthorizationPlugin.java class in
>>> order to test these exact same permissions and roles. checkRules reports
>>> access is allowed !!!
>>>
>>> I don't understand where the problem is. Any ideas?
>>>
>>> Regards
>>>
>>> Dominique
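The symptom reported in this thread can be looked for in solr.log. The following is an added example, not code from the thread or from Solr: it parses HttpSolrCall authorization lines in the format quoted above and flags requests that were served by a named core while the authorization context shows `collections: []`. The function names, the two constructed sample lines and the reading of `x:` as the core name are assumptions.

```python
import re

# Authorization context as logged by HttpSolrCall, in the format quoted in the thread.
AUTH_LINE = re.compile(
    r"\[\s*(?P<mdc>[^\]]*)\]\s+o\.a\.s\.s\.HttpSolrCall\s+(?P<outcome>[A-Z_]+)\b.*?"
    r"userPrincipal:\s*\[(?P<principal>.*?)\]\s+type:\s*\[(?P<type>[^\]]*)\],\s*"
    r"collections:\s*\[(?P<collections>[^\]]*)\],\s*Path:\s*\[(?P<path>[^\]]*)\]"
)

# First entry: the log line quoted in the thread. Second and third: constructed for contrast.
SAMPLE_LOG = [
    "2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] o.a.s.s.HttpSolrCall "
    "USER_REQUIRED auth header Basic Mjox context : userPrincipal: [[principal: 2]] "
    "type: [READ], collections: [], Path: [/select] path : /select params :q=*:*&indent=on&wt=json",
    "2018-12-30 12:25:10.417 INFO (qtp1731656333-22) [c:personnes s:shard1 r:core_node2 "
    "x:personnes_shard1_replica_n1] o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic MTox "
    "context : userPrincipal: [[principal: 1]] type: [READ], collections: [personnes], "
    "Path: [/select] path : /select params :q=*:*",
    "2018-12-30 12:24:40.310 INFO (main) [ ] o.a.s.c.CoreContainer constructed unrelated line",
]

def parse_auth_line(line):
    """Return the authorization context of one log line as a dict, or None if absent."""
    m = AUTH_LINE.search(line)
    if not m:
        return None
    # Assumption: 'x:' in the bracketed logging context is the core name.
    mdc = dict(part.split(":", 1) for part in m["mdc"].split() if ":" in part)
    user = re.search(r"principal:\s*([^\]]+)", m["principal"])
    return {
        "outcome": m["outcome"],
        "core": mdc.get("x"),
        "user": user.group(1).strip() if user else None,
        "type": m["type"],
        "collections": [c.strip() for c in m["collections"].split(",") if c.strip()],
        "path": m["path"],
    }

def collection_blind(lines):
    """Entries where a core handled the request but no collection reached authorization."""
    parsed = (parse_auth_line(line) for line in lines)
    return [e for e in parsed if e and e["core"] and not e["collections"]]

if __name__ == "__main__":
    for e in collection_blind(SAMPLE_LOG):
        print(f"user={e['user']} core={e['core']} path={e['path']} outcome={e['outcome']}")
```

Any hit means a permission in security.json that carries a specific "collection" value could not have been matched against that request's collection.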