我已经使用jwtauthtplugin保护了solr(8.7.0),因此我可以从auth使用aad。我想将healthcheck指标列入白名单。我收到了所有被列入白名单的申请的401。我可以使用aad登录solr admin
这是我的security.json
{
"authentication": {
"class": "solr.JWTAuthPlugin",
"blockUnknown": false,
"wellKnownUrl": "https://login.microsoftonline.com/myTenant/v2.0/.well-known/openid-configuration",
"clientId": "myClientId",
"adminUiScope": "openid api://myAPIid/solr"
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[ {
"collection": null,
"name": "healthcheckv2",
"path": "/api/node/health",
"role": null
}, {
"collection": null,
"name": "healthcheckv1",
"path": "/solr/admin/info/health",
"role": null
}, {
"collection": null,
"name": "infosystem",
"path": "/solr/admin/info/system",
"role": null
}, {
"collection": null,
"name": "metrics",
"path": "/admin/metrics",
"role": null
}, {
"name": "security-edit",
"role": "admin"
}, {
"name": "collection-admin-edit",
"role": "admin"
}, {
"name": "core-admin-edit",
"role": "admin"
}, {
"name": "all",
"role": "*"
}],
"user-role": {
"solr": "admin"
}
}
}
我错过了什么?
谢谢
1条答案
按热度按时间ef1yzkbh1#
调试solr后,rulecontainer似乎重写了运行状况检查的路径:
2021-06-14 18:19:52.941调试(qtp1581267786-21)[]o.e.j.r.h.rulecontainer重写/api/node/health到/solr/__uv2/node/health
因此,我们需要相应地调整许可: