[
https://issues.apache.org/jira/browse/SOLR-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14612838#comment-14612838
]
Noble Paul commented on SOLR-7692:
----------------------------------
Thanks for your comments
bq.This comment is misleading - probably left over from an earlier iteration.
The patch is Work in Progress . So the comments are from a former iteration
bq.Please add a test case that uses the salt when authenticating.
The test case indeed checks with salt. There will be a test w/o salt as well
bq. Do you think it would be reasonable to split out the dependency between
BasicAuthPlugin and ZkAuthentication
Yes, That is the plan . I've extracted separated the HTTP part and
authentication part to two distinct classes. You should be able to extend the
{{BasicAuthPlugin}} to provide your own Authentication impl
bq. The name might mislead users.
The names are subject to change. Suggestions are welcome
bq. can you separate out the 2 issues i.e. an authentication and an
authorization?
There are a bunch of sub-tasks required
1) Authentication
2) Authorization
3) API to manage the users/roles/permissions
> Implement BasicAuth based impl for the new Authentication/Authorization APIs
> ----------------------------------------------------------------------------
>
> Key: SOLR-7692
> URL: https://issues.apache.org/jira/browse/SOLR-7692
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
> Assignee: Noble Paul
> Attachments: SOLR-7692.patch
>
>
> This involves various components
> h2. Authentication
> A basic auth based authentication filter. This should retrieve the user
> credentials from ZK. The user name and sha1 hash of password should be
> stored in ZK
> sample authentication json
> {code:javascript}
> {
> "authentication":{
> "class": "solr.BasicAuth",
> "users" :{
> "john" :{09fljnklnoiuy98 buygujkjnlk",
> "david":"f678njfgfjnklno iuy9865ty",
> "pete": "87ykjnklndfhjh8 98uyiy98",
> }
> }
> }
> {code}
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
> "authorization": {
> "class": "solr.ZKAuthorization",
> "roles" :{
> "admin" : ["john"]
> "guest" : ["john", "david","pete"]
> }
> "permissions": {
> "collectionadmin": {
> "roles": ["admin"]
> },
> "coreadmin":{
> "roles":["admin"]
> },
> "config-api": {
> //all collections
> "roles": ["admin"]
> },
> "schema-api": {
> "roles": ["admin"]
> },
> "update": {
> //all collections
> "roles": null
> },
> "query":{
> "roles":null
> },
> "mycoll_update": {
> "collection": "mycoll",
> "path":["/update/*"],
> "roles": ["somebody"]//create a dir called /keys/somebody and put in
> usr.pwd files
> }
> }
> }
> }
> {code}
> We will also need to provide APIs to create users and assign them roles
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
