我尝试将预定义权限与Solr security.json中的自定义权限相结合。这似乎不适用于Solr 7.1.0。
security.json:
{
"authentication":{
"blockUnknown": true,
"class":"solr.BasicAuthPlugin",
"credentials":{"user1":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
"user2":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"user-role":{"user1":"admin","user2":"user"}
"permissions":[{"name":"shard-management","role":"*","path":"/admin/collections","params":{"action":["CREATESHARD", "DELETESHARD"]}},
{"name":"collection-admin-edit","role":"admin"}],
}}
此配置尝试向用户1分配collection-admin-edit权限,并向{user}提供对CREATESHARD和DELETESHARD的访问权限。 (密码为" SolrRocks"对于两个用户,顺便说一句)
实际上,user2无法调用DELETESHARD:
o.a.s.s.RuleBasedAuthorizationPlugin This resource is configured to have a permission {
"name":"collection-admin-edit",
"role":"admin"}, The principal [principal: user2] does not have the right role
o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic dXNlcjI6U29sclJvY2tz context : userPrincipal: [[principal: user2]] type: [ADMIN], collections: [TeamSlide, TeamSlide,], Path: [/admin/collections] path : /admin/collections params :indent=true&action=DELETESHARD&shard=TestShard&collection=TestColl&wt=json
更改权限顺序时的结果相同。有什么方法可以解决这个问题吗?