No, I doubt that bin/solr support would do more than just wire in a simple initial JWT config, with some default Rule-based config.

Jan

> On 17 Dec 2019 at 16:42, Jason Gerlowski <gerlowsk...@gmail.com> wrote:
>
> Hey Jan,
>
> Is this a case of something that'd be fixed by
> https://issues.apache.org/jira/browse/SOLR-13071 ?
>
> Just wondering
>
> Best,
> Jason
>
> On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <jan....@cominvent.com> wrote:
>>
>> Try something like this
>> https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7
>>
>> The trick is to «whitelist» certain paths that will not require auth, but
>> then further down add rules to block all other paths either as admin role or
>> with special role «*» which means «any authenticated user».
>>
>> Jan
>>
>>> On 12 Dec 2019 at 07:47, Lakhan Gupta
>>> <lakhan.gu...@infogain.com.INVALID> wrote:
>>>
>>> Hi,
>>>
>>> I am using Solr version 8.1.1 and facing a problem while enabling JWT
>>> authentication in Solr. JWT authentication is working fine after
>>> configuring the security.json file. Below is the configuration I am using
>>> for enabling JWT authentication.
>>>
>>> Security.json
>>>
>>> {
>>>   "authentication":{
>>>     "blockUnknown": false,
>>>     "class":"solr.JWTAuthPlugin",
>>>     "jwk":{
>>>       "kty":"oct",
>>>       "use":"sig",
>>>       "kid":"k1",
>>>       "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
>>>       "alg":"HS256"},
>>>     "aud":"solr"},
>>>   "authorization":{
>>>     "class":"solr.RuleBasedAuthorizationPlugin",
>>>     "permissions":[
>>>       {
>>>         "name":"all",
>>>         "path":"/*",
>>>         "role":"admin"
>>>       }
>>>     ],
>>>     "user-role":{
>>>       "solr":"admin"
>>>     }
>>>   }
>>> }
>>>
>>> Using secret key
>>> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
>>>
>>> The JWT token generated is:
>>> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
>>>
>>> Below are the header and payload I'm using to generate the JWT token:
>>>
>>> The header is
>>> {
>>>   "alg": "HS256",
>>>   "typ": "JWT"
>>> }
>>>
>>> and the payload is
>>>
>>> {
>>>   "sub": "admin",
>>>   "aud": "Solr",
>>>   "exp": 9916239022
>>> }
>>>
>>> With the above configuration my JWT authentication is working fine. But
>>> there is a problem: when a request is sent without authentication in the
>>> header, the API still retrieves data. I want to prevent that when a request
>>> comes without an authentication header.
>>>
>>> For that, I've enabled the blockUnknown parameter in the security.json
>>> file. That works fine and authentication is required for requests. But
>>> after enabling the blockUnknown parameter I am facing the exception below
>>> while starting Solr using the solr start command.
>>>
>>> ERROR: Solr requires authentication for
>>> http://localhost:8983/solr/admin/info/system. Please supply valid
>>> credentials. HTTP code=401
>>>
>>> I've googled a lot and found out that the solr/admin/info/system endpoint
>>> requires authentication.
>>>
>>> How do I authenticate the solr/admin/info/system endpoint while starting
>>> up Solr?
>>>
>>> Need urgent help. I'd appreciate it if someone can help me.
>>>
>>> Thanks
>>> Lakhan Gupta
>>>
>>> The information in this email is confidential and may be legally
>>> privileged. It is intended solely for the addressee and access to it by
>>> anyone else is unauthorized. If you are not the intended recipient, any
>>> disclosure, copying, distribution or any action taken or omitted to be
>>> taken based on it, is strictly prohibited and may be unlawful.
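
The ordering trick described in the thread (open paths listed first, catch-all rules further down), as an added example that is not taken from the thread or the linked gist: a simplified Python model of first-match rule evaluation, useful for checking which paths a rule list leaves open to unauthenticated requests. The permission names, the `/admin/cores` and `/techproducts/select` paths, the `reader` user and the glob matching are assumptions made for illustration; this is not Solr's own matching code.

```python
from fnmatch import fnmatchcase

# Constructed rule list modelled on the advice in the thread. Names, paths and
# the user-role mapping are assumptions, not the content of the linked gist.
PERMISSIONS = [
    # 1. Whitelisted path: role None means no authentication is needed.
    {"name": "open-info", "path": "/admin/info/system", "role": None},
    # 2. Remaining admin paths: only users holding the admin role.
    {"name": "admin-api", "path": "/admin/*", "role": "admin"},
    # 3. Catch-all: role "*" means any authenticated user.
    {"name": "everything-else", "path": "/*", "role": "*"},
]
USER_ROLES = {"solr": ["admin"], "reader": []}


def authorize(path, user, permissions=PERMISSIONS, user_roles=USER_ROLES):
    """Return the HTTP status the first matching rule yields (200/401/403).

    `user` is the authenticated principal name, or None when the request
    carried no valid credentials.
    """
    for perm in permissions:
        if not fnmatchcase(path, perm["path"]):
            continue
        role = perm["role"]
        if role is None:
            return 200   # open to everybody, authenticated or not
        if user is None:
            return 401   # rule needs a user and none was supplied
        if role == "*" or role in user_roles.get(user, []):
            return 200
        return 403       # authenticated, but lacks the required role
    return 200           # no rule matched, so nothing restricts the path


def unauthenticated_paths(paths, permissions=PERMISSIONS):
    """List the paths an anonymous caller can reach under these rules."""
    return [p for p in paths if authorize(p, None, permissions) == 200]


if __name__ == "__main__":
    sample = ["/admin/info/system", "/admin/cores", "/techproducts/select"]
    print("open without credentials:", unauthenticated_paths(sample))
```

Running `unauthenticated_paths` over every path a deployment serves gives a quick audit of what the whitelist exposes; placing the catch-all rule first instead turns the whitelisted path back into a 401.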