[
https://issues.apache.org/jira/browse/SOLR-7274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14389945#comment-14389945
]
Noble Paul edited comment on SOLR-7274 at 4/1/15 3:55 AM:
----------------------------------------------------------
Let me give a thread dump of my thought process
* We give an interface for an authentication plugin. The users can choose to
use it or not use it (our basic impl must use it) . All it does is , return an
instance of java.security.Principal. Solr would just set it to
{{request.setAttribute("java.security.Principal", principalObj)}}.
* Solr would provide an interface the user can implement and we also give a
mechanism to configure that.
* If somebody wishes to implement this using a filter , they can still do the
same without our plugin interface . Because, it just uses the servlet API. And,
in that case they would NOT have an authentication plugin and Solr doesn't care
. It only only cares about the request attribute. We will NOT have to support
or document the filter mode. In the future, if we move away from a web
container, all the plugins implemented using our API will be back compatible
and we DO NOT have to offer any such guarantees to the filter based
implementations
* The authorization module would be passed the {{Principal}} and it can decide
on how to authorize the {{Principal}} for the given request
* Solr would give an API and a mechanism to configure the authorization plugin
and . Solr will give a basic impl for the same .
was (Author: noble.paul):
Let me give a thread dump of my thought process
* We give an interface for an authentication plugin. The users can choose to
use it or not use it (our default impl must use it) . All it does is , return
an instance of java.security.Principal. Solr would just set it to
{{request.setAttribute("java.security.Principal", principalObj)}}.
* Solr would provide an interface the user can implement and we also give a
mechanism to configure that.
* If somebody wishes to implement this using a filter , they can still do the
same without our plugin interface . Because, it just uses the servlet API. And,
in that case they would NOT have an authentication plugin and we don't care .
We only care about the request attribute
* The authorization module would be passed the {{Principal}} and it can decide
on how to authorize the {{Principal}} for the given request
* Solr would give an API and a mechanism to configure the authorization plugin
and . We will give a default impl for the same .
> Pluggable authentication module in Solr
> ---------------------------------------
>
> Key: SOLR-7274
> URL: https://issues.apache.org/jira/browse/SOLR-7274
> Project: Solr
> Issue Type: Sub-task
> Reporter: Anshum Gupta
>
> It would be good to have Solr support different authentication protocols.
> To begin with, it'd be good to have support for kerberos and basic auth.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]