Is it possible to secure a core?

Tue, 05 Oct 2021 01:20:14 -0700 

Hi

I have a basic instance of SOLR (8.10.0) running on Windows.

I'm using the RuleBasedAuthorizationPlugin for authorization and can't seem to 
figure out the configuration to allow me to secure a Core (as opposed to a 
Collection).

In the logs I see the following for a basic request (while authenticated as the 
nzor_user user)

http://dev-solr-02:8983/solr/config-test/select?indent=true&q.op=OR&q=*%3A*

2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [   x:config-test] 
o.a.s.s.RuleBasedAuthorizationPluginBase Attempting to authorize request to 
[/select] of type: [READ], associated with collections [[]]
2021-10-05 05:20:21.801 DEBUG (qtp320304382-18) [   x:config-test] 
o.a.s.s.RuleBasedAuthorizationPluginBase Authorizing collection-aware request, 
checking perms applicable to all (*) collections
2021-10-05 05:20:21.801 TRACE (qtp320304382-18) [   x:config-test] 
o.a.s.s.RuleBasedAuthorizationPluginBase Following perms are associated with 
collection

The request does not seem to be associated with a collection so it isn't 
resolving to the rule that I have set up for the config-test core.

  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "permissions":[
      {
        "name":"permission-biota-read",
        "role":["role-biota-read"],
        "collection":["config-test"],
        "path":["*"],
        "params":{},
        "index":1,
        "method":["GET"]},
      {
        "name":"security-edit",
        "role":"admin",
        "index":2},
      {
        "name":"all",
        "role":["admin"],
        "index":3}],
    "user-role":{
      "solr":"admin",
      "nzor_user":["role-biota-read"]}

I guess after looking at the docs and a bit of Googling everything talks about 
collections so I'm wondering on a single (non-cloud) instance can I restrict 
access for users to only read a particular core?

Cheers
Mike

Mike Cochrane
IT SERVICES | INFORMATICS
Manaaki Whenua - Landcare Research
www.landcareresearch.co.nz<https://www.landcareresearch.co.nz/>
[cid:image001.png@01D7BA1D.0D76B3E0]


________________________________

Please consider the environment before printing this email
Warning: This electronic message together with any attachments is confidential. 
If you receive it in error: (i) you must not read, use, disclose, copy or 
retain it; (ii) please contact the sender immediately by reply email and then 
delete the emails.
The views expressed in this email may not be those of Landcare Research New 
Zealand Limited. http://www.landcareresearch.co.nz

Reply via email to