SOLR-18102: Fix Admin UI serving issue with basic auth (#4110)

gerlowskija · janhoy · claude · web-flow · commit cd4410da164c · 2026-02-06T16:01:34.000-05:00
Co-authored-by: Jan Høydahl &lt;janhoy@apache.org&gt;
Co-authored-by: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
@@ -602,7 +602,7 @@ public static boolean shouldAudit(CoreContainer cores, AuditEvent.EventType even
   private boolean shouldAuthorize() {
     if (PublicKeyHandler.PATH.equals(path)) return false;
     // admin/info/key is the path where public key is exposed . it is always unsecured
-    if ("/".equals(path) || "/solr/".equals(path))
+    if (StrUtils.isNullOrEmpty(path) || "/".equals(path) || "/solr/".equals(path))
       return false; // Static Admin UI files must always be served
     if (cores.getPkiAuthenticationSecurityBuilder() != null && req.getUserPrincipal() != null) {
       boolean b = cores.getPkiAuthenticationSecurityBuilder().needsAuthorization(req);
diff --git a/solr/packaging/test/test_basic_auth.bats b/solr/packaging/test/test_basic_auth.bats
@@ -91,3 +91,9 @@ run solr create -c COLL_NAME
   #assert_output --partial "Deployment successful"
   #refute_output --partial "Invalid collection"
 }
+
+@test "admin UI static content is excepted from basic auth" {
+  run curl -I -s http://localhost:${SOLR_PORT}/solr/
+  assert_output --partial "HTTP/1.1 200"
+  assert_output --partial "Content-Type: text/html"
+}
