Admin UI is not protected by any of these permissions. Only if you try
to perform a protected operation , it asks for a password.
I'll investigate the restart problem and report my findings
On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee <kgle...@yahoo.com.invalid> wrote:
> Anyone else running into any issues trying to get the authentication and
> authorization plugins in 5.3 working?
>
>> On Aug 29, 2015, at 2:30 AM, Kevin Lee <kgle...@yahoo.com.INVALID> wrote:
>>
>> Hi,
>>
>> I’m trying to use the new basic auth plugin for Solr 5.3 and it doesn’t seem
>> to be working quite right. Not sure if I’m missing steps or there is a bug.
>> I am able to get it to protect access to a URL under a collection, but am
>> unable to get it to secure access to the Admin UI. In addition, after
>> stopping the Solr and Zookeeper instances, the security.json is still in
>> Zookeeper, however Solr is allowing access to everything again like the
>> security configuration isn’t in place.
>>
>> Contents of security.json taken from wiki page, but edited to produce valid
>> JSON. Had to move comma after 3rd from last “}” up to just after the last
>> “]”.
>>
>> {
>> "authentication":{
>> "class":"solr.BasicAuthPlugin",
>> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
>> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
>> },
>> "authorization":{
>> "class":"solr.RuleBasedAuthorizationPlugin",
>> "permissions":[{"name":"security-edit",
>> "role":"admin"}],
>> "user-role":{"solr":"admin"}
>> }}
>>
>> Here are the steps I followed:
>>
>> Upload security.json to zookeeper
>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile
>> /security.json ~/solr/security.json
>>
>> Use zkCli.sh from Zookeeper to ensure the security.json is in Zookeeper at
>> /security.json. It is there and looks like what was originally uploaded.
>>
>> Start Solr Instances
>>
>> Attempt to create a permission, however get the following error:
>> {
>> "responseHeader":{
>> "status":400,
>> "QTime":0},
>> "error":{
>> "msg":"No authorization plugin configured",
>> "code":400}}
>>
>> Upload security.json again.
>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 -cmd putfile
>> /security.json ~/solr/security.json
>>
>> Issue the following to try to create the permission again and this time it’s
>> successful.
>> // Create a permission for mysearch endpoint
>> curl --user solr:SolrRocks -H 'Content-type:application/json' -d
>> '{"set-permission": {"name":"mycollection-search","collection":
>> “mycollection","path":”/mysearch","role": "search-user"}}'
>> http://localhost:8983/solr/admin/authorization
>>
>> {
>> "responseHeader":{
>> "status":0,
>> "QTime":7}}
>>
>> Issue the following commands to add users
>> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication
>> -H 'Content-type:application/json' -d '{"set-user": {"admin" : “password" }}’
>> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication
>> -H 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}'
>>
>> Issue the following command to add permission to users
>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{
>> "set-user-role" : {"admin": ["search-user", "admin"]}}'
>> http://localhost:8983/solr/admin/authorization
>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d '{
>> "set-user-role" : {"user": ["search-user"]}}'
>> http://localhost:8983/solr/admin/authorization
>>
>> After executing the above, access to /mysearch is protected until I restart
>> the Solr and Zookeeper instances. However, the admin UI is never protected
>> like the Wiki page says it should be once activated.
>>
>> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin
>>
>> <https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin>
>>
>> Why does the authentication and authorization plugin not stay activated
>> after restart and why is the Admin UI never protected? Am I missing any
>> steps?
>>
>> Thanks,
>> Kevin
--
-----------------------------------------------------
Noble Paul
