SOLR-7896 made some changes to the admin ui login. After the changes I can no longer log in at all.
I'm running standalone solr 7.7 (same with 8.0) with the following security.json:
Opening the UI at http://localhost:8080/solr/ shows an error page with 401. The login page is not displayed because of the "all" permission being required. The browser's basic auth popup is not shown because the WWW-Authenticate header is not present. Changing the RuleBasedAuthorizationPlugin required permission from "all" to "security-edit" makes the login page appear.
The bug can be reproduced as follows:
- unpack solr-8.0.0.zip
- copy the security.json example from https://lucene.apache.org/solr/guide/7_7/basic-authentication-plugin.html into server/solr/ and replace "name":"security-edit" with "name":"all"
- start with bin/solr -f -p 8080
- open http://localhost:8080/
The bug was discussed on solr-user list http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E