[ 
https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15062556#comment-15062556
 ] 

Noble Paul commented on SOLR-8429:
----------------------------------

bq.Cool. This workaround would require blockUnauthenticated to be false, right?

yes


bq.Just a thought: If the new flag blockUnauthenticated is not explicitly 
defined in config, could the default be smart and depend on whether an 
Authorization plugin is active or not?

I'm kinda against any rule which requires a user to read documentation to 
understand. The rule of thumb is if a user looks at the {{security.json}} he 
should have enough idea on what could happen. 


> add a flag blockUnauthenticated to BasicAuthPlugin
> --------------------------------------------------
>
>                 Key: SOLR-8429
>                 URL: https://issues.apache.org/jira/browse/SOLR-8429
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> If authentication is set up with BasicAuthPlugin, it lets all requests go
> through if no credentials are passed. This was done to have minimal impact
> for users who only wish to protect a few endpoints (say, collection admin
> and core admin only).
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests
> to go in.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
