Hi, Leading and trailing whitespaces are often trimmed off before any request is sent to avoid invisible characters causing login failures and confusion to the user when the user does not see the trailing spaces for example. In my opinion this should not be done to data like username and password (and it is also a bug if it is done to passwords), and normally not trimmed after the request is sent (at the backend).
So besides the trailing whitespaces, is anything else not working or not as you would expect it? The configuration you sent seems alright so far. Best, Christos On Thu, Mar 5, 2026 at 10:44 AM Ghanekar, Vijay via users < [email protected]> wrote: > Hi > I have configured Basic auth using security.json - attached below for > reference > > When user enter username/password as "solr " ( username with whitespaces > ) system allows login successfully even when trailing whitespace is added > to the username and/or password. > > So can you let us know correct way to create security.json which will > validate username and/or password. > > > { > "authorization": { > "user-role": { > "solr": "admin" > }, > "permissions": [ > { > "role": "admin", > "name": "all" > } > ], > "class": "solr.RuleBasedAuthorizationPlugin" > }, > "authentication": { > "credentials": { > "solr": "j4Cohx5gF/saSQx3nJUGixAgChHHa/2GmighqSXkhNE= > fIi5Zj0mm85YOhTE5EauyWRtI8PXTEcXbLfgm8F5YOI=" > }, > "blockUnknown": true, > "class": "solr.BasicAuthPlugin" > } > } >
