hi jason
which version of solr has the definitive fix for the rbap again ?
also is there a jira to fix or create a documentation for the same that works
:) ?
aroop
> On May 24, 2019, at 9:55 AM, Jason Gerlowski <gerlowsk...@gmail.com> wrote:
>
> Hi Sotiris,
>
> First, what version of Solr are you running? We've made some fixes
> recently (esp. SOLR-13355) to RBAP, and they might affect the behavior
> you're seeing or any fixes we can recommend.
>
> Second, the order of permissions in security.json has a huge effect on
> how . Solr always uses the first permission rule that matches a given
> API...later rules are ignored if a match is found in earlier ones.
> The first rule in your permissions block ({"name": "all", "role":
> "admin"}) will match all APIs and will only allow requests through if
> the requesting user has the "admin" role. So "user" being unable to
> query an alias makes sense. Usually "all" and other catchall
> permissions are best used at the very bottom of your permissions list.
> That way the catchall is the last rule to be checked, giving other
> rules a chance to match first.
>
> Hope that helps.
>
> Jason
>
> On Wed, May 22, 2019 at 6:21 AM Sotiris Fragkiskos <sfra...@gmail.com> wrote:
>>
>> Hi everyone!
>> I've been trying unsuccessfully to read an alias to a collection with a
>> curl command.
>> The command only works when I put in the admin credentials, although the
>> user I want access for also has the required role for accessing.
>> Is this perhaps built-in, or should anyone be able to access an alias from
>> the API?
>>
>> The command I'm using is:
>> curl http://
>> <user>:<pass>@<solrhostname>/solr/<AliasName>/select?q=<field>:<value>
>> This fails for the user but succeeds for the admin
>>
>> My minimum working example of security.json follows.
>> Many thanks!
>>
>> {
>> "authentication":{
>> "blockUnknown":true,
>> "class":"solr.BasicAuthPlugin",
>> "credentials":{
>> "admin":"blahblahblah",
>> "user":"blahblah"},
>> "":{"v":13}},
>> "authorization":{
>> "class":"solr.RuleBasedAuthorizationPlugin",
>> "permissions":[
>> {
>> "name":"all",
>> "role":"admin",
>> "index":1},
>> {
>> "name":"readColl",
>> "collection":"Coll",
>> "path":"/select/*",
>> "role":"readColl",
>> "index":2},
>> {
>> "name":"readSCollAlias",
>> "collection":"sCollAlias",
>> "path":"/select/*",
>> "role":"readSCollAlias",
>> "index":3}],
>> "user-role":{
>> "admin":[
>> "admin",
>> "readSCollAlias"],
>> "user":["readSCollAlias"]},
>> "":{"v":21}}}
