Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13097

RuleBasedAuthorizationPlugin is not fully fonctionnal in Solr standalone mode

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.6.5, 7.5
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Environment:

      Solr standalone

      Description

      In Solr standalone mode, the collections element of the request context is not populated by the core name.

      For instance, the following request:

      http://user1:xxxxxx@localhost:8983/solr/biblio/select?indent=on&q=*:*&wt=json

      reports this in log:

      2018-12-30 12:24:52.102 INFO (qtp1731656333-20) [ x:biblio] o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic Mjox context : userPrincipal: [[principal: 2]] type: [READ], collections: [], Path: [/select] path : /select params :q=:&indent=on&wt=json

      The consequence is that RuleBasedAuthorizationPlugin is not able to apply this kind of permission:

      {"name":"read-biblio",
       "path":"/select",
       "role":["admin","read","r1"],
       "collection":"biblio",
       "index":2}

      In Solrcloud mode in the init() method of HttpSolrCall.java, the collections element is populated with either the collection name matching the core name in the request or the collection names provided in the collection parameter.

      if (cores.isZooKeeperAware()) {
           // init collectionList (usually one name but not when there are aliases)
           String def = core != null ? core.getCoreDescriptor().getCollectionName() : origCorename;
           collectionsList = resolveCollectionListOrAlias(queryParams.get(COLLECTION_PROP, def)); // &collection= takes precedence
          ...
      }

       

      I expect init() method could be improved in order to populate collections element with the core name for Solr standalone mode.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              dbejean Dominique Béjean
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: