Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-8439

Solr Security - Permission read does not work as expected

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 5.3.1
    • None
    • security
    • None

    • Linux, Solr Cloud

    Description

      I enabled security on my solr cloud and added basic authentication and authorization to allow only specific users to read and update the records. What I observed that update works fine but read does not stop from anonymous access.

      On digging deeper I saw that RuleBasedAuthorizationPlugin.java has incorrectly defined the read permissions as follows:

      read :

      {" + " path:['/update/*', '/get']}

      ," +

      It should be /select/* rather than /update/*

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. SOLR-8167 RuleBasedAuthorization plugin bypass with POST requests

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              gkumar48@yahoo.com Gaurav Kumar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 3h
                  3h
                  Remaining:
                  Remaining Estimate - 3h
                  3h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified