Description
I ran the following command to enable basic auth for my Solr installation:
bin/solr auth enable -type basicAuth -prompt true -z localhost:2181 -blockUnknown true
It created the security policy with blockUnknown=false. That's an issue with arg parsing in BASH (easy to fix) ... the bigger issue is the Admin UI relies on getting a 401 from the backend to show login / logout but with blockUnknown=false, this never shows.
The auth utility only creates role bindings for the following predefined permissions:
{"name":"security-edit", "role":"admin"}, {"name":"collection-admin-edit", "role":"admin"}, {"name":"core-admin-edit", "role":"admin"}
The problem is when blockUnknown=false, the UI doesn't hit any endpoints that trigger a 401 to cause the Admin UI to prompt for a login. I think the initial security.json created by the auth tool should also include:
{"name":"security-read", "role":"admin"}, {"name":"config-edit", "role":"admin"},
The config-edit is needed for the new Schema Designer UI and we shouldn't allow un-authenticated users to edit configs anyway.
With these two new permissions in place, when an un-authenticated user navigates to the new Security screen, they will be redirected to login.
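A check for the condition described above, as an added example that is not part of the original report or of Solr's own tooling: it audits a security.json document for blockUnknown and for role bindings on the three permissions the tool writes plus the two proposed here. The function names and the sample document are constructed for illustration, and a permission with a missing or null role is treated as unbound.

```python
import json

# Permissions that should carry a role binding: the three the auth tool
# writes today plus the two this report proposes adding.
EXPECTED = ["security-edit", "security-read", "collection-admin-edit",
            "core-admin-edit", "config-edit"]

def audit_security_json(text):
    """Return a list of findings for a Solr security.json document."""
    doc = json.loads(text)
    findings = []
    # When blockUnknown is absent or false, only the permission rules
    # below can cause the backend to answer an anonymous request with 401.
    if doc.get("authentication", {}).get("blockUnknown") is not True:
        findings.append("blockUnknown is not true")
    # Collect permissions that are bound to a role (null/missing = unbound).
    bound = set()
    for perm in doc.get("authorization", {}).get("permissions", []):
        if perm.get("name") and perm.get("role") is not None:
            bound.add(perm["name"])
    for name in EXPECTED:
        if name not in bound:
            findings.append(f"no role binding for {name}")
    return findings

def constructed_sample(block_unknown, names):
    """Build a constructed security.json text (not from a real cluster)."""
    return json.dumps({
        "authentication": {"class": "solr.BasicAuthPlugin",
                           "blockUnknown": block_unknown},
        "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
                          "permissions": [{"name": n, "role": "admin"}
                                          for n in names]},
    })

if __name__ == "__main__":
    # The state described in the report: blockUnknown=false, three bindings.
    reported = constructed_sample(False, ["security-edit",
                                          "collection-admin-edit",
                                          "core-admin-edit"])
    for finding in audit_security_json(reported):
        print(finding)
```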