[
https://issues.apache.org/jira/browse/SOLR-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14628287#comment-14628287
]
Ishan Chattopadhyaya commented on SOLR-7692:
--------------------------------------------
Would it make sense to split out the authc/authz framework changes and the
plugins themselves into two separate issues? I think doing so will make it
easier to follow the patches.
Can we rename TestZkAuthentication to something more appropriate? It gives an
impression that this is a test for ZK authentication, whereas it is actually a
test suite for an authentication plugin that uses ZK as backing store.
I haven't looked into the patch in great detail, but is it possible to drop the
"ZK" part from the naming of the plugins and make ZK as one of many possible
(and configurable) sources for credential stores for these plugins based on
basicauth?
> Implement BasicAuth based impl for the new Authentication/Authorization APIs
> ----------------------------------------------------------------------------
>
> Key: SOLR-7692
> URL: https://issues.apache.org/jira/browse/SOLR-7692
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
> Assignee: Noble Paul
> Attachments: SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch,
> SOLR-7692.patch
>
>
> This involves various components
> h2. Authentication
> A basic auth based authentication filter. This should retrieve the user
> credentials from ZK. The user name and sha1 hash of password should be
> stored in ZK
> sample authentication json
> {code:javascript}
> {
> "authentication":{
> "class": "solr.BasicAuthPlugin",
> "users" :{
> "john" :"09fljnklnoiuy98 buygujkjnlk",
> "david":"f678njfgfjnklno iuy9865ty",
> "pete": "87ykjnklndfhjh8 98uyiy98",
> }
> }
> }
> {code}
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
> "authorization": {
> "class": "solr.ZKAuthorization",
> "roles" :{
> "admin" : ["john"]
> "guest" : ["john", "david","pete"]
> }
> "permissions": {
> "collection-edit": {
> "role": "admin"
> },
> "coreadmin":{
> "role":"admin"
> },
> "config-edit": {
> //all collections
> "role": "admin",
> "method":"POST"
> },
> "schema-edit": {
> "roles": "admin",
> "method":"POST"
> },
> "update": {
> //all collections
> "role": "dev"
> },
> "mycoll_update": {
> "collection": "mycoll",
> "path":["/update/*"],
> "role": ["somebody"]
> }
> }
> }
> }
> {code}
> We will also need to provide APIs to create users and assign them roles
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
