Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13344

Admin UI inaccessible with RuleBasedAuthorizationPlugin

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.7, 8.0
    • Fix Version/s: 7.7.2, 8.1
    • Component/s: Admin UI, Authentication
    • Labels:
      None

      Description

      SOLR-7896 made some changes to the admin ui login. After the changes I can no longer log in at all.

      I'm running standalone solr 7.7 (same with 8.0) with the following security.json:

      {
        "authentication": {
          "class": "solr.BasicAuthPlugin",
          "blockUnknown": true,
          "credentials": {
            "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
          },
        },
        "authorization": {
          "class": "solr.RuleBasedAuthorizationPlugin",
          "permissions": [
            {
              "name": "all",
              "role": "admin"
            }
          ],
          "user-role": {
            "solr": "admin"
          }
        }
      }
      

      Opening the UI at http://localhost:8080/solr/ shows an error page with 401. The login page is not displayed because of the "all" permission being required. The browser's basic auth popup is not shown because the WWW-Authenticate header is not present. Changing the RuleBasedAuthorizationPlugin required permission from "all" to "security-edit" makes the login page appear.

      The bug can be reproduced as follows:

      1. unpack solr-8.0.0.zip
      2. copy the security.json example from https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html into server/solr/ and replace "name":"security-edit" with "name":"all"
      3. start with bin/solr -f -p 8080
      4. open http://localhost:8080/

      The bug was discussed on solr-user list http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                janhoy Jan Høydahl
                Reporter:
                mbakhoff Märt
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m