Details
Type: Bug
Status: Resolved
Priority: Critical
Resolution: Information Provided
Affects Version/s: 5.5.4
Fix Version/s: None
Component/s: None
Environment: SolrCloud with 3 nodes and test collection. No data. Single shard.
ZooKeeper v.3.4.5
Description
Expected behavior (as described in docs):
- Unauthenticated users should not get access to /admin/authentication and /admin/authentication
Demonstrated behavior:
- /admin/authentication and /admin/authentication are publicly available. So it looks like permissions are ignored totally:
2017-07-16T17:36:39.379Z [DEBUG] [org.apache.solr.servlet.SolrDispatchFilter#authenticateRequest] Request to authenticate: (GET /solr/admin/authorization)@2095474071 org.eclipse.jetty.server.Request@7ce66597, domain: 10.0.1.31, port: 8983
2017-07-16T17:36:39.379Z [DEBUG] [org.apache.solr.servlet.SolrDispatchFilter#doFilter] User principal: null
2017-07-16T17:36:39.380Z [DEBUG] [org.apache.solr.servlet.HttpSolrCall#call] AuthorizationContext : userPrincipal: [null] type: [ADMIN], collections: [], Path: [/admin/authorization] path : /admin/authorization params :
2017-07-16T17:36:39.380Z [DEBUG] [org.apache.solr.security.RuleBasedAuthorizationPlugin#checkPathPerm] No permissions configured for the resource /admin/authorization . So allowed to access
2017-07-16T17:36:39.380Z [INFO] [org.apache.solr.servlet.HttpSolrCall#handleAdminRequest] [admin] webapp=null path=/admin/authorization params={} status=0 QTime=0
zkcli -cmd get /security.json | grep -v '2'|grep -v '$':
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "SOLR_TEST": "tiBhLoJSYJP1meUp7zgaiRXnZp52tXQM7PttV62CV5k= c2hhaXRodTFmdWxvaXBoOXVlbGFzaGk2T29nZWl5YWlQM2Y="
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      { "name": "security-read", "role": "administrator" },
      { "name": "security-edit", "role": "administrator" },
      { "name": "schema-edit", "role": "administrator" },
      { "name": "config-edit", "role": "administrator" },
      { "name": "collection-admin-edit", "role": "administrator" },
      { "name": "collection-admin-read", "role": "administrator" }
    ],
    "user-role": {
      "SOLR_TEST": "administrator"
    }
  }
}
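A detection check for the condition this report describes, added here as an example and not part of the issue or of Solr: it reads a security.json, works out which admin paths the configured predefined permissions are meant to guard, then scans SolrDispatchFilter / RuleBasedAuthorizationPlugin DEBUG lines for those paths being served to a null principal with "No permissions configured". The path-to-permission mapping (PREDEFINED_PATHS) is an assumption drawn from the Solr docs, and both the config and the log lines are constructed samples modelled on the ones above.

```python
import json
import re

# Assumed: the admin paths each predefined permission guards, per the Solr docs the report
# refers to (security-read / security-edit cover the authentication and authorization APIs).
PREDEFINED_PATHS = {
    "security-read": {"/admin/authentication", "/admin/authorization"},
    "security-edit": {"/admin/authentication", "/admin/authorization"},
}

# Constructed security.json modelled on the report's (credential replaced by a placeholder).
SECURITY_JSON = """{
  "authentication": {"class": "solr.BasicAuthPlugin", "credentials": {"SOLR_TEST": "<hash> <salt>"}},
  "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [{"name": "security-read", "role": "administrator"},
                    {"name": "security-edit", "role": "administrator"}],
    "user-role": {"SOLR_TEST": "administrator"}}}"""

# Constructed DEBUG lines in the SolrDispatchFilter / RuleBasedAuthorizationPlugin format:
# an anonymous request (principal null) followed by an authenticated one.
LOG = """\
2017-07-16T17:36:39.379Z [DEBUG] [org.apache.solr.servlet.SolrDispatchFilter#doFilter] User principal: null
2017-07-16T17:36:39.380Z [DEBUG] [org.apache.solr.security.RuleBasedAuthorizationPlugin#checkPathPerm] No permissions configured for the resource /admin/authorization . So allowed to access
2017-07-16T17:36:40.100Z [DEBUG] [org.apache.solr.servlet.SolrDispatchFilter#doFilter] User principal: SOLR_TEST
2017-07-16T17:36:40.101Z [DEBUG] [org.apache.solr.security.RuleBasedAuthorizationPlugin#checkPathPerm] No permissions configured for the resource /admin/authentication . So allowed to access
"""

PRINCIPAL_RE = re.compile(r"User principal: (\S+)")
NOPERM_RE = re.compile(r"No permissions configured for the resource (\S+) \. So allowed")

def protected_paths(security_json: str) -> set:
    """Paths the config intends to guard: every predefined permission bound to a role."""
    cfg = json.loads(security_json)
    paths = set()
    for perm in cfg.get("authorization", {}).get("permissions", []):
        if perm.get("role"):
            paths |= PREDEFINED_PATHS.get(perm.get("name"), set())
    return paths

def unprotected_hits(log: str, protected: set) -> list:
    """Protected paths served to a null principal with no permission applied (each
    request's 'User principal' line precedes its checkPathPerm line in the log)."""
    findings, principal = [], None
    for line in log.splitlines():
        m = PRINCIPAL_RE.search(line)
        if m:
            principal = None if m.group(1) == "null" else m.group(1)
        m = NOPERM_RE.search(line)
        if m and principal is None and m.group(1) in protected:
            findings.append(m.group(1))
    return findings
```

On the sample above only /admin/authorization is reported: the second request also bypasses the rule, but it carries an authenticated principal, so it is a configuration finding rather than an anonymous exposure.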