[ https://issues.apache.org/jira/browse/SOLR-7274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14389945#comment-14389945 ]
Noble Paul commented on SOLR-7274: ---------------------------------- Let me give a thread dump of my thought process * We give an interface for an authentication plugin. The users can choose to use it or not use it (our default impl must use it) . All it does is , return an instance of java.security.Principal. Solr would just set it to {{request.setAttribute("java.security.Principal", principalObj)}}. * Solr would provide an interface the user can implement and we also give a mechanism to configure that. * If somebody wishes to implement this using a filter , they can still do the same without our plugin interface . Because, it just uses the servlet API. And, in that case they would NOT have an authentication plugin and we don't care . We only care about the request attribute * The authorization module would be passed the {{Principal}} and it can decide on how to authorize the {{Principal}} for the given request * Solr would give an API and a mechanism to configure the authorization plugin and . We will give a default impl for the same . > Pluggable authentication module in Solr > --------------------------------------- > > Key: SOLR-7274 > URL: https://issues.apache.org/jira/browse/SOLR-7274 > Project: Solr > Issue Type: Sub-task > Reporter: Anshum Gupta > > It would be good to have Solr support different authentication protocols. > To begin with, it'd be good to have support for kerberos and basic auth. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org