[
https://issues.apache.org/jira/browse/SOLR-7275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14494837#comment-14494837
]
Anshum Gupta edited comment on SOLR-7275 at 4/14/15 8:44 PM:
-------------------------------------------------------------
I'm just trying to keep custom plugin config for security separate from other
configuration. About merging authc and authz configs, that was on my mind and I
plan to do it when I'm integrating the changes here with SOLR-7274.
Let's consider an example of a user wanting to use some proprietary non-json
format data in a custom security plugin, to store access rules. There wouldn't
be a way to do that. I am all for exploring more options if there are any as
long as they don't stop users from doing their own thing.
I can have a straight mechanism to just read the {{authorization}} part of
{{/security.json}} and pass that map to the plugin during init instead of the
plugin reading from a file directly, but then instead of the security plugin
deciding if it wants to keep a watch on the file, Solr would always keep a
watch (when authz is enabled). In cases where access rules don't reside in zk
and are in a 3rd party system, we don't want to keep a watch. Allowing the
plugin to make that choice might be a better way to move.
I'm about to separate out the implementation of default/OTB plugin from this
JIRA and I guess things would be clearer for everyone to understand after that
happens.
was (Author: anshumg):
I'm just trying to keep custom plugin config for security separate from other
configuration. About merging authc and authz configs, that was on my mind and I
plan to do it when I'm integrating the changes here with SOLR-7274.
Let's consider an example of a user wanting to use some proprietary non-json
format data in a custom security plugin, to store access rules. There wouldn't
be a way to do that. I am all for exploring more options if there are any as
long as they don't stop users from doing their own thing.
I can have a straight mechanism to just read the {authorization} part of
{/security.json} and pass that map to the plugin during init instead of the
plugin reading from a file directly, but then instead of the security plugin
deciding if it wants to keep a watch on the file, Solr would always keep a
watch (when authz is enabled). In cases where access rules don't reside in zk
and are in a 3rd party system, we don't want to keep a watch. Allowing toe
plugin to make that choice might be a better way to move.
I'm about to separate out the implementation of default/OTB plugin from this
JIRA and I guess things would be clearer for everyone to understand after that
happens.
> Pluggable authorization module in Solr
> --------------------------------------
>
> Key: SOLR-7275
> URL: https://issues.apache.org/jira/browse/SOLR-7275
> Project: Solr
> Issue Type: Sub-task
> Reporter: Anshum Gupta
> Assignee: Anshum Gupta
> Attachments: SOLR-7275.patch
>
>
> Solr needs an interface that makes it easy for different authorization
> systems to be plugged into it. Here's what I plan on doing:
> Define an interface {{SolrAuthorizationPlugin}} with one single method
> {{isAuthorized}}. This would take in a {{SolrRequestContext}} object and
> return an {{SolrAuthorizationResponse}} object. The object as of now would
> only contain a single boolean value but in the future could contain more
> information e.g. ACL for document filtering etc.
> The reason why we need a context object is so that the plugin doesn't need to
> understand Solr's capabilities e.g. how to extract the name of the collection
> or other information from the incoming request as there are multiple ways to
> specify the target collection for a request. Similarly request type can be
> specified by {{qt}} or {{/handler_name}}.
> Flow:
> Request -> SolrDispatchFilter -> isAuthorized(context) -> Process/Return.
> {code}
> public interface SolrAuthorizationPlugin {
> public SolrAuthorizationResponse isAuthorized(SolrRequestContext context);
> }
> {code}
> {code}
> public class SolrRequestContext {
> UserInfo; // Will contain user context from the authentication layer.
> HTTPRequest request;
> Enum OperationType; // Correlated with user roles.
> String[] CollectionsAccessed;
> String[] FieldsAccessed;
> String Resource;
> }
> {code}
> {code}
> public class SolrAuthorizationResponse {
> boolean authorized;
> public boolean isAuthorized();
> }
> {code}
> User Roles:
> * Admin
> * Collection Level:
> * Query
> * Update
> * Admin
> Using this framework, an implementation could be written for specific
> security systems e.g. Apache Ranger or Sentry. It would keep all the security
> system specific code out of Solr.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
