[
https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061208#comment-15061208
]
Jan Høydahl commented on SOLR-8429:
-----------------------------------
Let's make it default to true from 5.5, aligning with what people expect after
enabling auth in any piece of software. We can fix back-compat using
{{luceneMatchVersion}}, or I'm also OK with treating this as a Bug, documenting
the change in CHANGES, since the refGuide does not even mention the current
behavior.
Is it at all possible with 5.4 to make BasicAuth work without also specifying
authorization?
> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
> Key: SOLR-8429
> URL: https://issues.apache.org/jira/browse/SOLR-8429
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> If authentication is setup with BasicAuthPlugin, it let's all requests go
> through if no credentials are passed. This was done to have minimal impact
> for users who only wishes to protect a few end points (say , collection admin
> and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests
> to go in
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
