[SOLR-13619] Kerberos: 403 when node doesn't host collection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 8.2
Component/s: None
Labels:
None

Description

This is a spin off from ~~SOLR-13472~~, specifically to tackle the Kerberos case. Here's the security.json to reproduce the same problem as of ~~SOLR-13472~~:

{
 "authentication": {"class": "org.apache.solr.security.KerberosPlugin"},
 "authorization": {
   "class": "solr.RuleBasedAuthorizationPlugin",
   "permissions": [
     {
       "name": "read",
       "role": "*"
     },
     {
       "name": "update",
       "role": [
         "indexer",
         "admin"
       ]
     },
     {
       "name": "all",
       "role": "admin"
     }
   ],
   "user-role": {
     "HTTP/solr1@EXAMPLE.COM": "admin",
     "HTTP/solr2@EXAMPLE.COM": "admin",
     "client@EXAMPLE.COM": "indexer"
   }
 }
}

Here, client@EXAMPLE.COM should be able to issue /update and /select requests to both solr1 and solr2, but it throws 403 for the node that doesn't host the collection.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-13619.patch
15/Jul/19 09:37
13 kB
Ishan Chattopadhyaya

Issue Links

relates to

SOLR-13480 Collection creation failure when using Kerberos authentication combined with rule-base authorization

Resolved

links to

GitHub Pull Request #773

Activity

People

Assignee:: Ishan Chattopadhyaya

Reporter:: Ishan Chattopadhyaya

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Jul/19 00:37

Updated:: 26/Jul/19 09:01

Resolved:: 15/Jul/19 12:40

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m