There are no download links for 5.3.x branch till we do a bug fix release If you wish to download the trunk nightly (which is not same as 5.3.0) check here https://builds.apache.org/job/Solr-Artifacts-trunk/lastSuccessfulBuild/artifact/solr/package/
If you wish to get the binaries for 5.3 branch you will have to make it (you will need to install svn and ant) Here are the steps svn checkout http://svn.apache.org/repos/asf/lucene/dev/branches/lucene_solr_5_3/ cd lucene_solr_5_3/solr ant server On Fri, Sep 4, 2015 at 4:11 PM, davidphilip cherian <davidphilipcher...@gmail.com> wrote: > Hi Kevin/Noble, > > What is the download link to take the latest? What are the steps to compile > it, test and use? > We also have a use case to have this feature in solr too. Therefore, wanted > to test and above info would help a lot to get started. > > Thanks. > > > On Fri, Sep 4, 2015 at 1:45 PM, Kevin Lee <kgle...@yahoo.com.invalid> wrote: > >> Thanks, I downloaded the source and compiled it and replaced the jar file >> in the dist and solr-webapp’s WEB-INF/lib directory. It does seem to be >> protecting the Collections API reload command now as long as I upload the >> security.json after startup of the Solr instances. If I shutdown and bring >> the instances back up, the security is no longer in place and I have to >> upload the security.json again for it to take effect. >> >> - Kevin >> >> > On Sep 3, 2015, at 10:29 PM, Noble Paul <noble.p...@gmail.com> wrote: >> > >> > Both these are committed. If you could test with the latest 5.3 branch >> > it would be helpful >> > >> > On Wed, Sep 2, 2015 at 5:11 PM, Noble Paul <noble.p...@gmail.com> wrote: >> >> I opened a ticket for the same >> >> https://issues.apache.org/jira/browse/SOLR-8004 >> >> >> >> On Wed, Sep 2, 2015 at 1:36 PM, Kevin Lee <kgle...@yahoo.com.invalid> >> wrote: >> >>> I’ve found that completely exiting Chrome or Firefox and opening it >> back up re-prompts for credentials when they are required. It was >> re-prompting with the /browse path where authentication was working each >> time I completely exited and started the browser again, however it won’t >> re-prompt unless you exit completely and close all running instances so I >> closed all instances each time to test. >> >>> >> >>> However, to make sure I ran it via the command line via curl as >> suggested and it still does not give any authentication error when trying >> to issue the command via curl. I get a success response from all the Solr >> instances that the reload was successful. >> >>> >> >>> Not sure why the pre-canned permissions aren’t working, but the one to >> the request handler at the /browse path is. >> >>> >> >>> >> >>>> On Sep 1, 2015, at 11:03 PM, Noble Paul <noble.p...@gmail.com> wrote: >> >>>> >> >>>> " However, after uploading the new security.json and restarting the >> >>>> web browser," >> >>>> >> >>>> The browser remembers your login , So it is unlikely to prompt for the >> >>>> credentials again. >> >>>> >> >>>> Why don't you try the RELOAD operation using command line (curl) ? >> >>>> >> >>>> On Tue, Sep 1, 2015 at 10:31 PM, Kevin Lee <kgle...@yahoo.com.invalid> >> wrote: >> >>>>> The restart issues aside, I’m trying to lockdown usage of the >> Collections API, but that also does not seem to be working either. >> >>>>> >> >>>>> Here is my security.json. I’m using the “collection-admin-edit” >> permission and assigning it to the “adminRole”. However, after uploading >> the new security.json and restarting the web browser, it doesn’t seem to be >> requiring credentials when calling the RELOAD action on the Collections >> API. The only thing that seems to work is the custom permission “browse” >> which is requiring authentication before allowing me to pull up the page. >> Am I using the permissions correctly for the RuleBasedAuthorizationPlugin? >> >>>>> >> >>>>> { >> >>>>> "authentication":{ >> >>>>> "class":"solr.BasicAuthPlugin", >> >>>>> "credentials": { >> >>>>> "admin”:”<pass> <salt>", >> >>>>> "user": ”<pass> <salt>" >> >>>>> } >> >>>>> }, >> >>>>> "authorization":{ >> >>>>> "class":"solr.RuleBasedAuthorizationPlugin", >> >>>>> "permissions": [ >> >>>>> { >> >>>>> "name":"security-edit", >> >>>>> "role":"adminRole" >> >>>>> }, >> >>>>> { >> >>>>> "name":"collection-admin-edit”, >> >>>>> "role":"adminRole" >> >>>>> }, >> >>>>> { >> >>>>> "name":"browse", >> >>>>> "collection": "inventory", >> >>>>> "path": "/browse", >> >>>>> "role":"browseRole" >> >>>>> } >> >>>>> ], >> >>>>> "user-role": { >> >>>>> "admin": [ >> >>>>> "adminRole", >> >>>>> "browseRole" >> >>>>> ], >> >>>>> "user": [ >> >>>>> "browseRole" >> >>>>> ] >> >>>>> } >> >>>>> } >> >>>>> } >> >>>>> >> >>>>> Also tried adding the permission using the Authorization API, but no >> effect, still isn’t protecting the Collections API from being invoked >> without a username password. I do see in the Solr logs that it sees the >> updates because it outputs the messages “Updating /security.json …”, >> “Security node changed”, “Initializing authorization plugin: >> solr.RuleBasedAuthorizationPlugin” and “Authentication plugin class >> obtained from ZK: solr.BasicAuthPlugin”. >> >>>>> >> >>>>> Thanks, >> >>>>> Kevin >> >>>>> >> >>>>>> On Sep 1, 2015, at 12:31 AM, Noble Paul <noble.p...@gmail.com> >> wrote: >> >>>>>> >> >>>>>> I'm investigating why restarts or first time start does not read the >> >>>>>> security.json >> >>>>>> >> >>>>>> On Tue, Sep 1, 2015 at 1:00 PM, Noble Paul <noble.p...@gmail.com> >> wrote: >> >>>>>>> I removed that statement >> >>>>>>> >> >>>>>>> "If activating the authorization plugin doesn't protect the admin >> ui, >> >>>>>>> how does one protect access to it?" >> >>>>>>> >> >>>>>>> One does not need to protect the admin UI. You only need to protect >> >>>>>>> the relevant API calls . I mean it's OK to not protect the CSS and >> >>>>>>> HTML stuff. But if you perform an action to create a core or do a >> >>>>>>> query through admin UI , it automatically will prompt you for >> >>>>>>> credentials (if those APIs are protected) >> >>>>>>> >> >>>>>>> On Tue, Sep 1, 2015 at 12:41 PM, Kevin Lee >> <kgle...@yahoo.com.invalid> wrote: >> >>>>>>>> Thanks for the clarification! >> >>>>>>>> >> >>>>>>>> So is the wiki page incorrect at >> >>>>>>>> >> https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin >> which says that the admin ui will require authentication once the >> authorization plugin is activated? >> >>>>>>>> >> >>>>>>>> "An authorization plugin is also available to configure Solr with >> permissions to perform various activities in the system. Once activated, >> access to the Solr Admin UI and all requests will need to be authenticated >> and users will be required to have the proper authorization for all >> requests, including using the Admin UI and making any API calls." >> >>>>>>>> >> >>>>>>>> If activating the authorization plugin doesn't protect the admin >> ui, how does one protect access to it? >> >>>>>>>> >> >>>>>>>> Also, the issue I'm having is not just at restart. According to >> the docs security.json should be uploaded to Zookeeper before starting any >> of the Solr instances. However, I tried to upload security.json before >> starting any of the Solr instances, but it would not pick up the security >> config until after the Solr instances are already running and then >> uploading the security.json again. I can see in the logs at startup that >> the Solr instances don't see any plugin enabled even though security.json >> is already in zookeeper and then after they are started and the >> security.json is uploaded again I see it reconfigure to use the plugin. >> >>>>>>>> >> >>>>>>>> Thanks, >> >>>>>>>> Kevin >> >>>>>>>> >> >>>>>>>>> On Aug 31, 2015, at 11:22 PM, Noble Paul <noble.p...@gmail.com> >> wrote: >> >>>>>>>>> >> >>>>>>>>> Admin UI is not protected by any of these permissions. Only if >> you try >> >>>>>>>>> to perform a protected operation , it asks for a password. >> >>>>>>>>> >> >>>>>>>>> I'll investigate the restart problem and report my findings >> >>>>>>>>> >> >>>>>>>>>> On Tue, Sep 1, 2015 at 3:10 AM, Kevin Lee >> <kgle...@yahoo.com.invalid> wrote: >> >>>>>>>>>> Anyone else running into any issues trying to get the >> authentication and authorization plugins in 5.3 working? >> >>>>>>>>>> >> >>>>>>>>>>> On Aug 29, 2015, at 2:30 AM, Kevin Lee >> <kgle...@yahoo.com.INVALID> wrote: >> >>>>>>>>>>> >> >>>>>>>>>>> Hi, >> >>>>>>>>>>> >> >>>>>>>>>>> I’m trying to use the new basic auth plugin for Solr 5.3 and >> it doesn’t seem to be working quite right. Not sure if I’m missing steps >> or there is a bug. I am able to get it to protect access to a URL under a >> collection, but am unable to get it to secure access to the Admin UI. In >> addition, after stopping the Solr and Zookeeper instances, the >> security.json is still in Zookeeper, however Solr is allowing access to >> everything again like the security configuration isn’t in place. >> >>>>>>>>>>> >> >>>>>>>>>>> Contents of security.json taken from wiki page, but edited to >> produce valid JSON. Had to move comma after 3rd from last “}” up to just >> after the last “]”. >> >>>>>>>>>>> >> >>>>>>>>>>> { >> >>>>>>>>>>> "authentication":{ >> >>>>>>>>>>> "class":"solr.BasicAuthPlugin", >> >>>>>>>>>>> >> "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= >> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="} >> >>>>>>>>>>> }, >> >>>>>>>>>>> "authorization":{ >> >>>>>>>>>>> "class":"solr.RuleBasedAuthorizationPlugin", >> >>>>>>>>>>> "permissions":[{"name":"security-edit", >> >>>>>>>>>>> "role":"admin"}], >> >>>>>>>>>>> "user-role":{"solr":"admin"} >> >>>>>>>>>>> }} >> >>>>>>>>>>> >> >>>>>>>>>>> Here are the steps I followed: >> >>>>>>>>>>> >> >>>>>>>>>>> Upload security.json to zookeeper >> >>>>>>>>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 >> -cmd putfile /security.json ~/solr/security.json >> >>>>>>>>>>> >> >>>>>>>>>>> Use zkCli.sh from Zookeeper to ensure the security.json is in >> Zookeeper at /security.json. It is there and looks like what was >> originally uploaded. >> >>>>>>>>>>> >> >>>>>>>>>>> Start Solr Instances >> >>>>>>>>>>> >> >>>>>>>>>>> Attempt to create a permission, however get the following >> error: >> >>>>>>>>>>> { >> >>>>>>>>>>> "responseHeader":{ >> >>>>>>>>>>> "status":400, >> >>>>>>>>>>> "QTime":0}, >> >>>>>>>>>>> "error":{ >> >>>>>>>>>>> "msg":"No authorization plugin configured", >> >>>>>>>>>>> "code":400}} >> >>>>>>>>>>> >> >>>>>>>>>>> Upload security.json again. >> >>>>>>>>>>> ./zkcli.sh -z localhost:2181,localhost:2182,localhost:2183 >> -cmd putfile /security.json ~/solr/security.json >> >>>>>>>>>>> >> >>>>>>>>>>> Issue the following to try to create the permission again and >> this time it’s successful. >> >>>>>>>>>>> // Create a permission for mysearch endpoint >> >>>>>>>>>>> curl --user solr:SolrRocks -H >> 'Content-type:application/json' -d '{"set-permission": >> {"name":"mycollection-search","collection": >> “mycollection","path":”/mysearch","role": "search-user"}}' >> http://localhost:8983/solr/admin/authorization >> >>>>>>>>>>> >> >>>>>>>>>>> { >> >>>>>>>>>>> "responseHeader":{ >> >>>>>>>>>>> "status":0, >> >>>>>>>>>>> "QTime":7}} >> >>>>>>>>>>> >> >>>>>>>>>>> Issue the following commands to add users >> >>>>>>>>>>> curl --user solr:SolrRocks >> http://localhost:8983/solr/admin/authentication -H >> 'Content-type:application/json' -d '{"set-user": {"admin" : “password" }}’ >> >>>>>>>>>>> curl --user solr:SolrRocks >> http://localhost:8983/solr/admin/authentication -H >> 'Content-type:application/json' -d '{"set-user": {"user" : “password" }}' >> >>>>>>>>>>> >> >>>>>>>>>>> Issue the following command to add permission to users >> >>>>>>>>>>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d >> '{ "set-user-role" : {"admin": ["search-user", "admin"]}}' >> http://localhost:8983/solr/admin/authorization >> >>>>>>>>>>> curl -u solr:SolrRocks -H 'Content-type:application/json' -d >> '{ "set-user-role" : {"user": ["search-user"]}}' >> http://localhost:8983/solr/admin/authorization >> >>>>>>>>>>> >> >>>>>>>>>>> After executing the above, access to /mysearch is protected >> until I restart the Solr and Zookeeper instances. However, the admin UI is >> never protected like the Wiki page says it should be once activated. >> >>>>>>>>>>> >> >>>>>>>>>>> >> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin >> < >> https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin >> > >> >>>>>>>>>>> >> >>>>>>>>>>> Why does the authentication and authorization plugin not stay >> activated after restart and why is the Admin UI never protected? Am I >> missing any steps? >> >>>>>>>>>>> >> >>>>>>>>>>> Thanks, >> >>>>>>>>>>> Kevin >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> -- >> >>>>>>>>> ----------------------------------------------------- >> >>>>>>>>> Noble Paul >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> -- >> >>>>>>> ----------------------------------------------------- >> >>>>>>> Noble Paul >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> ----------------------------------------------------- >> >>>>>> Noble Paul >> >>>>> >> >>>> >> >>>> >> >>>> >> >>>> -- >> >>>> ----------------------------------------------------- >> >>>> Noble Paul >> >>> >> >> >> >> >> >> >> >> -- >> >> ----------------------------------------------------- >> >> Noble Paul >> > >> > >> > >> > -- >> > ----------------------------------------------------- >> > Noble Paul >> >> -- ----------------------------------------------------- Noble Paul
