Rich M created SOLR-18010:
-----------------------------

             Summary: Adding a new role corrupts security.json file
                 Key: SOLR-18010
                 URL: https://issues.apache.org/jira/browse/SOLR-18010
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: SolrCLI
    Affects Versions: 9.8.1
         Environment: Windows

Solr 9.8.1
            Reporter: Rich M
         Attachments: image-2025-12-02-16-09-45-876.png

Do the following steps after installing Solr.

*Step 1:*
Create a new security.json at \solr-9.8.0\server\solr\ with the following contents:
(same as given here - 
https://solr.apache.org/guide/solr/latest/deployment-guide/authentication-and-authorization-plugins.html#configuring-security-json)
{code:java}
{
"authentication":{
   "class":"solr.BasicAuthPlugin",
   "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[{"name":"security-edit",
      "role":"admin"}],
   "user-role":{"solr":"admin"}
}}{code}
*Step 2:*
Log in with the solr user, password - SolrRocks
Go to 'Security'
Create a new role with a new role

The error below appears and security.json gets corrupted.

!image-2025-12-02-16-09-45-876.png|width=550,height=246!


The json automatically gets updated to:
{code:java}
{
  "authentication":{
    "class":"solr.BasicAuthPlugin",
    "credentials":{
      "solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
      "test1":"VF04APKPG4SRcJ8iuBrC37xMsZO3mYm5b+vsvsqIuwQ= g0N/69rk7g/U3L3PZO3zsed5txIfdO0G0/Iyzoru+1I="},
    "":{"v":0}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[
      {
        "name":"security-edit",
        "role":"admin",
        "index":1},
      {
        "name":"collection-admin-read",
        "role":["all-read-only"],
        "index":2},
      {
        "name":"config-read",
        "role":["all-read-only"],
        "index":3}],
    "user-role":{
      "solr":"admin",
      "test1":["all-read-only"]},
    "":{"v":0}}}0}}}{code}
and this is not valid JSON anymore.

As a result, the 'solr' user is not usable anymore.



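A check for the failure shown in this report, as an added example that is not part of the original message or of Solr's code: it parses the first JSON value in the text of a security.json and reports anything left after it, such as the stray `0}}}` in the corrupted file above. The sample strings are constructed (the credential hash is a placeholder), the function name is hypothetical, and the credentials check assumes that with `solr.BasicAuthPlugin` every user in `user-role` needs a `credentials` entry.

```python
import json
import sys

# Constructed sample shaped like the security.json in the report; the hash is
# a placeholder. CORRUPT appends the stray suffix the report shows.
CLEAN = """{
  "authentication":{
    "class":"solr.BasicAuthPlugin",
    "credentials":{"solr":"<hash> <salt>"}},
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[{"name":"security-edit","role":"admin"}],
    "user-role":{"solr":"admin"}}}"""
CORRUPT = CLEAN + "0}}}"


def check_security_json(text):
    """Return a list of problems found in the text of a security.json file."""
    stripped = text.lstrip()
    try:
        # raw_decode parses the first JSON value and returns where it ended,
        # so leftover text is reported precisely instead of as a bare error.
        doc, end = json.JSONDecoder().raw_decode(stripped)
    except json.JSONDecodeError as exc:
        return [f"not parseable as JSON: {exc.msg} at offset {exc.pos}"]
    problems = []
    trailing = stripped[end:].strip()
    if trailing:
        problems.append(f"{len(trailing)} character(s) after the JSON document: {trailing!r}")
    if not isinstance(doc, dict):
        return problems + ["top-level value is not an object"]
    sections = {}
    for name in ("authentication", "authorization"):
        block = doc.get(name)
        if isinstance(block, dict) and "class" in block:
            sections[name] = block
        else:
            problems.append(f"section {name!r} is missing or has no 'class'")
    authn = sections.get("authentication", {})
    if authn.get("class") == "solr.BasicAuthPlugin":  # assumption: see lead-in
        creds = authn.get("credentials") or {}
        for user in sections.get("authorization", {}).get("user-role") or {}:
            if user not in creds:
                problems.append(f"user {user!r} has a role but no credentials entry")
    return problems


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_security_json(fh.read())
    print("\n".join(found) or "security.json looks well-formed")
    sys.exit(1 if found else 0)
```

Run it against a copy of security.json before restarting Solr or after an edit through the Admin UI; a non-zero exit status means the file needs to be restored from a known-good copy.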