[
https://issues.apache.org/jira/browse/SOLR-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya updated SOLR-13619:
----------------------------------------
Fix Version/s: 8.2
> Kerberos: 403 when node doesn't host collection
> -----------------------------------------------
>
> Key: SOLR-13619
> URL: https://issues.apache.org/jira/browse/SOLR-13619
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Major
> Fix For: 8.2
>
> Attachments: SOLR-13619.patch
>
>
> This is a spin off from SOLR-13472, specifically to tackle the Kerberos case.
> Here's the security.json to reproduce the same problem as of SOLR-13472:
> {code}
> {
> "authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
> "authorization": {
> "class": "solr.RuleBasedAuthorizationPlugin",
> "permissions": [
> {
> "name": "read",
> "role": "*"
> },
> {
> "name": "update",
> "role": [
> "indexer",
> "admin"
> ]
> },
> {
> "name": "all",
> "role": "admin"
> }
> ],
> "user-role": {
> "HTTP/[email protected]": "admin",
> "HTTP/[email protected]": "admin",
> "[email protected]": "indexer"
> }
> }
> }
> {code}
> Here, [email protected] should be able to issue /update and /select requests
> to both solr1 and solr2, but it throws 403 for the node that doesn't host the
> collection.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
