Description
If authentication is set up with BasicAuthPlugin, it lets all requests go through if no credentials are passed. This was done to have minimal impact for users who only wish to protect a few endpoints (say, collection admin and core admin only).
We can add a flag to BasicAuthPlugin to allow only authenticated requests to go in.
Users can create the first security.json with that flag:
server/scripts/cloud-scripts/zkcli.sh -z localhost:9983 -cmd put /security.json '{"authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": true, "credentials": {"solr": "orwp2Ghgj39lmnrZOTm7Qtre1VqHFDfwAEzr0ApbN3Y= Ju5osoAqOX8iafhWpPP01E5P+sg8tK8tHON7rCYZRRw="}}}'
or add the flag later using the command:
curl http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-property": {"blockUnknown": true}}'
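
An added example (not part of the original issue and not Solr's own code): a Python check that classifies a security.json document by whether requests without credentials would pass BasicAuthPlugin, following the behavior described above. The function names, result labels and sample documents are constructed for illustration, and treating a non-boolean blockUnknown value as needing review is an assumption of this example.

```python
import json

# Constructed sample security.json documents; credential values are placeholders.
OPEN_CONFIG = ('{"authentication": {"class": "solr.BasicAuthPlugin", '
               '"credentials": {"solr": "<hash> <salt>"}}}')
BLOCKING_CONFIG = ('{"authentication": {"class": "solr.BasicAuthPlugin", '
                   '"blockUnknown": true, "credentials": {"solr": "<hash> <salt>"}}}')
AMBIGUOUS_CONFIG = ('{"authentication": {"class": "solr.BasicAuthPlugin", '
                    '"blockUnknown": "yes"}}')


def audit_block_unknown(security_json_text):
    """Classify how a security.json treats requests that carry no credentials.

    Returns "invalid", "no-authentication", "not-basic-auth",
    "pass-through", "review" or "blocked".
    """
    try:
        doc = json.loads(security_json_text)
    except ValueError:
        return "invalid"
    if not isinstance(doc, dict):
        return "invalid"
    auth = doc.get("authentication")
    if not isinstance(auth, dict):
        return "no-authentication"      # nothing is authenticated at all
    if auth.get("class") != "solr.BasicAuthPlugin":
        return "not-basic-auth"         # the flag on this page does not apply
    flag = auth.get("blockUnknown", False)
    if flag is True:
        return "blocked"                # only authenticated requests go in
    if flag is False:
        return "pass-through"           # requests without credentials go through
    return "review"                     # assumption: anything but a JSON boolean needs a human look


def remediation_body():
    """JSON body for the /solr/admin/authentication call that sets the flag."""
    return json.dumps({"set-property": {"blockUnknown": True}})


if __name__ == "__main__":
    for name, text in [("open", OPEN_CONFIG), ("blocking", BLOCKING_CONFIG),
                       ("ambiguous", AMBIGUOUS_CONFIG), ("empty", "{}")]:
        print(name, "->", audit_block_unknown(text))
    print("fix with:", remediation_body())
```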