Hey, I'm new to configuring Solr. I'm trying to configure Solr with Rule Based
Authorization.
https://lucene.apache.org/solr/guide/8_6/rule-based-authorization-plugin.html
I have permissions working if I allow everything with "all", but I want to
limit access so that a site can only access its own collection, in addition to
a server ping path, so I'm trying to add the collection-specific permission at
the top:
"permissions": [
{
"name": "custom-example",
"collection": "example",
"path": "*",
"role": [
"admin",
"example"
]
},
{
"name": "custom-collection",
"collection": "*",
"path": [
"/admin/luke",
"/admin/mbeans",
"/admin/system"
],
"role": "*"
},
{
"name": "custom-ping",
"collection": null,
"path": [
"/admin/info/system"
],
"role": "*"
},
{
"name": "all",
"role": "admin"
}
]
The rule "custom-ping" works, and "all" works. But when the above permissions
are used, access is denied to the "example" user-role for collection "example"
at the path "/solr/example/select". If I specify paths explicitly, the
permissions work, but I can't get permissions to work with path wildcards for a
specific collection.
I also had to declare "custom-collection" with the specific paths needed to get
collection info in order for those paths to work. I would've expected that
these paths would be included in the collection-specific paths and be covered
by the first rule, but they aren't. For example, the call to
"/solr/example/admin/luke" will fail if the path is removed from this rule.
I don't really want to specify every single path I might need to use. Am I
using the path wildcard wrong somehow? Is there a better way to do
collection-specific authorizations for a collection "example"?
Thanks.
- M
