Hi
Solr's admin UI uses the same API layer as query clients. So there is no way to
limit "just the UI" per se.
Of course you can let /select and /update be totally un-authenticated and just
protect various admin APIs, that's probably what you are looking for?
I'd recommed you enable auth using the command line
bin/solr auth enable --credentials foo:bar
That will install a default security.json with some decent settings.
Then you open Admin UI logging in as the foo user, go to the Security Admin
page and start modifying the security settings using the UI. You'd probably
want to remove the "all" rule at the end of the chain and also remove the
"read" rule, and also flip the blockUnknown to false so that you do not require
authentication unless there is a rule for it.
Jan
> 17. sep. 2024 kl. 12:18 skrev Mugi, Krishnavamsireddy
> <krishnavamsireddy.m...@paramount.com>:
>
> Hi Team,
>
> I am trying to enable authentication for my local solr admin console using
> basic auth plugin, Below is the configuration I am following in the
> security.json file.
>
> {
> "authentication": {
> "blockUnknown": true,
> "class": "solr.BasicAuthPlugin",
> "credentials": {
> "admin": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
> Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
> },
> "realm": "My Solr users",
> "forwardCredentials": false
> },
> "authorization": {
> "class": "solr.RuleBasedAuthorizationPlugin",
> "permissions": [
> {
> "name": "security-edit",
> "role": "admin"
> }
> ],
> "user-role": {
> "admin": "admin"
> }
> }
> }
>
> This configuration is working fine, But it is restricting me to access
> /select queries also and asking for authentication. I just want to enable
> authentication to my admin console, I don't want to restrict end users to
> query my solr. How can I do that? Can anyone help me on the configuration
> please?
>
> Thanks&Regards
> KrishnaVamsi
