[jira] [Commented] (SOLR-9702) Authentication & Authorization based on Jetty security

Sat, 29 Oct 2016 15:43:06 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-9702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15618844#comment-15618844
 ] 

Hrishikesh Gadre commented on SOLR-9702:
----------------------------------------

bq. which in turn would open up the possibility to use a whole range of auth 
services (in particular LDAP servers).

I recently contributed LDAP authentication support in hadoop authentication 
framework (HADOOP-12082). SOLR-9513 is tracking the changes required to expose 
this functionality in Solr. May be you can use that ?

> Authentication & Authorization based on Jetty security
> ------------------------------------------------------
>
>                 Key: SOLR-9702
>                 URL: https://issues.apache.org/jira/browse/SOLR-9702
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 6.2.1
>            Reporter: Thomas Quinot
>
> (following up on comments initially posted on SOLR-7275).
> Back in Solr 4 days, user authentication could be handled by Jetty, and some 
> level of authorization could be implemented using request regexp rules. This 
> was explicitly documented in the SolrSecurity page:
> http://wiki.apache.org/solr/SolrSecurity?action=recall&rev=35#Jetty_realm_example
> In particular, authentication could thus be performed against a variety of 
> services implemented in Jetty, such as HashLoginService (mentioned explicitly 
> in the above documentation, tested in production, does work) or possibly 
> JAASLoginService, which in turn would open up the possibility to use a whole 
> range of auth services (in particular LDAP servers).
> I see that the usage of Jetty is now "an implementation detail". Does this 
> mean that the feature listed above is not supported anymore? (This is quite 
> unfortunate IMO, as even just the HashLoginService would be useful to 
> authenticate users against a database of UNIX crypt(3) passwords)
> The new login services that are apparently being reimplemented in Solr itself 
> seem to be much less flexible and limited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to