Try something like this 
https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7 

The trick is to «whitelist» certain paths that will not require auth, but then 
further down add rules to block all other paths either as admin role or with 
special role «*», which means «any authenticated user».

Jan

> On 12 Dec 2019 at 07:47, Lakhan Gupta 
> <lakhan.gu...@infogain.com.INVALID> wrote:
> 
> Hi,
> 
> I am using Solr version 8.1.1 and facing a problem while enabling JWT 
> authentication in Solr. JWT authentication is working fine after configuring 
> the security.json file. Below is the configuration I am using for enabling 
> JWT authentication.
> 
> Security.json
> 
> {
>   "authentication":{
>     "blockUnknown": false,
>     "class":"solr.JWTAuthPlugin",
>     "jwk":{
>       "kty":"oct",
>       "use":"sig",
>       "kid":"k1",
>       "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
>       "alg":"HS256"},
>     "aud":"solr"},
>   "authorization":{
>     "class":"solr.RuleBasedAuthorizationPlugin",
>     "permissions":[
>       {
>         "name":"all",
>         "path":"/*",
>         "role":"admin"
>       }
>     ],
>     "user-role":{
>       "solr":"admin"
>     }
>   }
> }
> 
> Using secret key
> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
> 
> Jwt token is generated:
> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
> 
> Below are the header and payload I'm using to generate the JWT token:
> 
> The header is
> {
>  "alg": "HS256",
>  "typ": "JWT"
> }
> 
> and the payload is
> 
> {
>  "sub": "admin",
>  "aud": "Solr",
>  "exp": 9916239022
> }
> 
> With the above configuration my JWT authentication is working fine. But there 
> is a problem: when a request is sent without authentication in the header, the 
> API still retrieves data. I want to prevent this when a request comes without 
> an authentication header.
> 
> For that, I've enabled the blockUnknown parameter in the security.json file. 
> That works fine and an authenticated request is required. But after enabling 
> the blockUnknown parameter I am facing the exception below while starting Solr 
> using the solr start command.
> 
> 
> ERROR: Solr requires authentication for 
> http://localhost:8983/solr/admin/info/system. Please supply valid 
> credentials. HTTP code=401
> 
> I've googled a lot and found out that the
> 
> solr/admin/info/system endpoint requires authentication.
> 
> How do I authenticate the solr/admin/info/system endpoint while starting up Solr?
> 
> Need urgent help. I'd appreciate it if someone can help me.
> 
> Thanks
> Lakhan Gupta

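The layout described in the reply, written out as a `security.json` sketch. This is an added example, not the contents of the linked gist and not code from either poster. Assumptions: the permission name `startup-probe` and the key placeholder are made up here; `"role": null` is assumed to mark a path as needing no authentication and `"collection": null` to mark it as a node-level (non-collection) path; `blockUnknown` stays `false` so the unauthenticated startup request reaches the authorization rules, and the catch-all `all` rule listed after it requires a role for every other path.

```json
{
  "authentication": {
    "class": "solr.JWTAuthPlugin",
    "blockUnknown": false,
    "jwk": {
      "kty": "oct",
      "use": "sig",
      "kid": "k1",
      "k": "REPLACE_WITH_YOUR_SHARED_SECRET",
      "alg": "HS256"
    },
    "aud": "solr"
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {
        "name": "startup-probe",
        "path": "/admin/info/system",
        "collection": null,
        "role": null
      },
      {
        "name": "all",
        "role": "admin"
      }
    ],
    "user-role": {
      "solr": "admin"
    }
  }
}
```

Replacing `"admin"` with `"*"` in the last rule admits any authenticated user instead of only the admin role, as the reply notes.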