I am using Solr version 8.5.1 as a standalone application and would like to secure the solr dashboard UI with basic auth. I know that there is a built-in basic auth with security.json but when I do that all the select query url that is called from my application got blocked also. I want to leave the query urls open but only secure the dashboard. Is this possible?
I am using basic security.json setup found on https://lucene.apache.org/solr/guide/8_5/basic-authentication-plugin.html#basic-authentication-plugin
EDIT: I saw this page How can I secure Solr 5.3.1 only admin pages but adding authentication in jetty.xml and web.xml doesn't seem to work anymore with version 8.5.1
read
permission gives read access to most features by default, but adding a custom rule with/select
that doesn't require authentication should be possible, then having password authentication for all other endpoints. The example given under permission ordering resolution should be close to what you want. lucene.apache.org/solr/guide/8_5/… – MatsLindhblockUnknown
to false, then add a rule that blocks everything -blockUnknown
is in relation to those request that doesn't match any of your rules (All requests w/o credentials will be rejected with a 401 error. Set 'blockUnknown' to false (or remove it altogether) if you wish to let unauthenticated requests to go through. However, if a particular resource is protected by a rule, they are rejected anyway with a 401 error.) – MatsLindh