Anyone who has an account can open a JIRA, have you created one?
> On Dec 13, 2019, at 5:10 PM, Oakley, Craig (NIH/NLM/NCBI) [C]
> <craig.oak...@nih.gov.INVALID> wrote:
>
> It looks as though I do not have an option under
> issues.apache.org/jira/projects/SOLR/issues by which to create an issue.
> Could you create one (and let me know its number)?
>
> Thanks
>
> -----Original Message-----
> From: Jan Høydahl <jan....@cominvent.com>
> Sent: Friday, December 13, 2019 3:52 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Solr8 changes how security.json restricts access to GUI
>
> Ok, se should perhaps print a warning somewhere that IE is not supported. Can
> you file a JIRA issue?
>
> Jan Høydahl
>
>> 13. des. 2019 kl. 21:43 skrev Oakley, Craig (NIH/NLM/NCBI) [C]
>> <craig.oak...@nih.gov.invalid>:
>>
>> Well that is progress: indeed Firefox and Chrome and Edge do indeed prompt
>> for login and password (as desired). It is Internet Explorer which does not,
>> nor does curl (that is to say, if you ask curl only to go to the top level:
>> host:port/solr -- going any further it will complain, such as your
>> /solr/admin/info/system example gets Error 401 Authentication failed,
>> Response code: 401)
>>
>>
>>
>> -----Original Message-----
>> From: Jan Høydahl <jan....@cominvent.com>
>> Sent: Friday, December 13, 2019 2:15 PM
>> To: solr-user <solr-user@lucene.apache.org>
>> Subject: Re: Solr8 changes how security.json restricts access to GUI
>>
>> I got your screenshot
>> (https://www.dropbox.com/s/7tbn7gx3uag6jcg/crippledSolrGUI.jpg?dl=0
>> <https://www.dropbox.com/s/7tbn7gx3uag6jcg/crippledSolrGUI.jpg?dl=0>)
>>
>> This is quite uncommon. You should see a loging screen if you have basicAuth
>> enabled.
>> Have you tried a different browser?
>>
>> What do you get if you run this command
>>
>> curl -i http://your-solr-url/solr/admin/info/system
>>
>> Or if you use your browser’s developer tools to inspect network traffic?
>>
>> Jan
>>
>>> 12. des. 2019 kl. 23:49 skrev Jan Høydahl <jan....@cominvent.com>:
>>>
>>> Attachments are stripped from list, can you post a link to the screenshot
>>> of the UI when you first visit?
>>>
>>> Jan
>>>
>>>>> 12. des. 2019 kl. 17:27 skrev Oakley, Craig (NIH/NLM/NCBI) [C]
>>>>> <craig.oak...@nih.gov.INVALID>:
>>>>
>>>> Below is the security.json (with password hashes redacted): in Solr7.4 it
>>>> prompts for a password and (if you get it right) lets you into the whole
>>>> GUI; But in Solr8.1.1 and in Solr 8.3, it does not prompt for a password
>>>> before letting you into a crippled version of the GUI (as depicted in the
>>>> attachment)
>>>>
>>>> {
>>>> "authentication":{
>>>> "class":"solr.BasicAuthPlugin",
>>>> "credentials":{
>>>> "solradmin":"[redacted]",
>>>> "pysolrmon":"[redacted]",
>>>> "solrtrg":"[redacted]"},
>>>> "":{"v":2}},
>>>> "authorization":{
>>>> "class":"solr.RuleBasedAuthorizationPlugin",
>>>> "user-role":{
>>>> "solradmin":[
>>>> "admin",
>>>> "allgen",
>>>> "trgadmin",
>>>> "genadmin"],
>>>> "solrtrg":[
>>>> "trgadmin",
>>>> "allgen"],
>>>> "pysolrmon":["clustatus_role"]},
>>>> "permissions":[
>>>> {
>>>> "name":"gen_admin",
>>>> "collection":"NULL",
>>>> "path":"/admin/cores",
>>>> "params":{"action":[
>>>> "REGEX:(?i)CREATE",
>>>> "REGEX:(?i)RENAME",
>>>> "REGEX:(?i)SWAP",
>>>> "REGEX:(?i)UNLOAD",
>>>> "REGEX:(?i)SPLIT"]},
>>>> "role":"genadmin"},
>>>> {
>>>> "name":"col_admin",
>>>> "collection":null,
>>>> "path":"/admin/collections",
>>>> "params":{"action":[
>>>> "REGEX:(?i)CREATE",
>>>> "REGEX:(?i)MODIFYCOLLECTION",
>>>> "REGEX:(?i)SPLITSHARD",
>>>> "REGEX:(?i)CREATESHARD",
>>>> "REGEX:(?i)DELETESHARD",
>>>> "REGEX:(?i)CREATEALIAS",
>>>> "REGEX:(?i)DELETEALIAS",
>>>> "REGEX:(?i)DELETE",
>>>> "REGEX:(?i)DELETEREPLICA",
>>>> "REGEX:(?i)ADDREPLICA",
>>>> "REGEX:(?i)CLUSTERPROP",
>>>> "REGEX:(?i)MIGRATE",
>>>> "REGEX:(?i)ADDROLE",
>>>> "REGEX:(?i)REMOVEROLE",
>>>> "REGEX:(?i)ADDREPLICAPROP",
>>>> "REGEX:(?i)DELETEREPLICAPROP",
>>>> "REGEX:(?i)BALANCESHARDUNIQUE",
>>>> "REGEX:(?i)REBALANCELEADERS",
>>>> "REGEX:(?i)FORCELEADER",
>>>> "REGEX:(?i)MIGRATESTATEFORMAT"]},
>>>> "role":"genadmin"},
>>>> {
>>>> "name":"security-edit",
>>>> "role":"admin"},
>>>> {
>>>> "name":"clustatus",
>>>> "path":"/admin/collections",
>>>> "params":{"action":["REGEX:(?i)CLUSTERSTATUS"]},
>>>> "role":[
>>>> "clustatus_role",
>>>> "allgen"],
>>>> "collection":null},
>>>> {
>>>> "name":"corestatus",
>>>> "path":"/admin/cores",
>>>> "params":{"action":["REGEX:(?i)STATUS"]},
>>>> "role":[
>>>> "allgen",
>>>> "clustatus_role"],
>>>> "collection":null},
>>>> {
>>>> "name":"trgadmin",
>>>> "collection":"trg_col",
>>>> "path":"/admin/*",
>>>> "role":"trgadmin"},
>>>> {
>>>> "name":"open_select",
>>>> "path":"/select/*",
>>>> "role":null},
>>>> {
>>>> "name":"open_search",
>>>> "path":"/search/*",
>>>> "role":null},
>>>> {
>>>> "name":"catch-all-nocollection",
>>>> "collection":null,
>>>> "path":"/*",
>>>> "role":"allgen"},
>>>> {
>>>> "name":"catch-all-collection",
>>>> "path":"/*",
>>>> "role":"allgen"},
>>>> {
>>>> "name":"all-admincol",
>>>> "collection":null,
>>>> "path":"/admin/collections",
>>>> "role":"allgen"},
>>>> {
>>>> "name":"all-admincores",
>>>> "collection":null,
>>>> "path":"/admin/cores",
>>>> "role":"allgen"}],
>>>> "":{"v":5}}}
>>>>
>>>> -----Original Message-----
>>>> From: Jan Høydahl <jan....@cominvent.com>
>>>> Sent: Wednesday, December 11, 2019 7:35 PM
>>>> To: solr-user@lucene.apache.org
>>>> Subject: Re: Solr8 changes how security.json restricts access to GUI
>>>>
>>>> Please show your complete Security.json so we know how auth is configured.
>>>> Which 8.x version are you trying? There should be a login screen shown in
>>>> admin UI now.
>>>>
>>>> Jan Høydahl
>>>>
>>>>> 11. des. 2019 kl. 22:40 skrev Oakley, Craig (NIH/NLM/NCBI) [C]
>>>>> <craig.oak...@nih.gov.invalid>:
>>>>>
>>>>> In Solr 7, we had clauses in our security.json saying
>>>>>
>>>>> {
>>>>> "name":"all-admin",
>>>>> "collection":null,
>>>>> "path":"/*",
>>>>> "role":"allgen",
>>>>> "index":15},
>>>>> {
>>>>> "name":"all-core-handlers",
>>>>> "path":"/*",
>>>>> "role":"allgen",
>>>>> "index":16},
>>>>>
>>>>> We granted the role allgen to all users; but this kept our security folk
>>>>> happy in that no one could even get to the top level of the Solr GUI
>>>>> without a password.
>>>>>
>>>>> Now under Solr 8, the GUI does not prompt for a password. It just brings
>>>>> you into the GUI (albeit a stripped down version, saying such things as
>>>>> "No cores available"). By what means can we require a password to get
>>>>> this far? And by what means can we prompt for a password in order to get
>>>>> further?
>>>
>>
