[
https://issues.apache.org/jira/browse/SOLR-7230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14358367#comment-14358367
]
Noble Paul commented on SOLR-7230:
----------------------------------
bq.This issue lacks a lot of context and high level end user focus.
Yes, you are right and it is done on purpose. This issue is targeted at
developers of actual security implementations
bq.I think time may be ripe for adding security and user login to stock Solr
I'm not sure if we should dilute our efforts by littering Solr source code with
users and credentials . It can be a heavy distraction . I believe that security
can be orthogonal to what we do other wise. Trying to provide a fast, super
scalable , reliable search system.
bq.What is your concrete use case that triggered this Jira, Noble?
We have customers asking for integrating with their preferred
authentication/authorization mechanism. At the same time, I don't want it to
preempt any alternate implementations which some other customers want. Believe
me, enterprise is a crazy heterogenous place with numerous different security
practices. We may not be able to satisfy everyone and at the same time. Hence,
there is a need for a implementation agnostic approach .
> An API to plugin security into Solr
> -----------------------------------
>
> Key: SOLR-7230
> URL: https://issues.apache.org/jira/browse/SOLR-7230
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
>
> The objective is to define a API that a plugin can implement to protect
> various operations performed on Solr. It may have various implementations .
> Some built in and some external.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
