[ https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17404521#comment-17404521 ]
Gus Heck commented on SOLR-15296:
---------------------------------

12.1 Use of URL Paths

Upon receipt of a client request, the Web container determines the Web application to which to forward it. The Web application selected must have the longest context path that matches the start of the request URL.

So if Yasa is its own web app in Jetty, and not inserted into Solr's context, it should have control of its own filtering/security and be unaffected by anything Solr is doing. Ideally we would have only a separate /login context for login stuff regardless of what UI, and a re-usable security filter to apply authentication to whichever contexts we wished to secure.

Example of using contexts in this way: https://github.com/nsoft/ns-login

> Provide allowlisting mechanism in the auth plugin to ignore paths like login
> ----------------------------------------------------------------------------
>
> Key: SOLR-15296
> URL: https://issues.apache.org/jira/browse/SOLR-15296
> Project: Solr
> Issue Type: Wish
> Components: Authorization, Plugin system
> Reporter: Zhenxu Ke
> Assignee: David Eric Pugh
> Priority: Major
>
> I've recently been working (with [~epugh]) on YASA to make it work under the auth
> plugins.
>
> I saw in the code that the authenticator allowlists the Admin login path
> `/solr/` explicitly, while for YASA, its path must start with `/v2`,
> not matching the whitelisted paths and will be intercepted, hence the login
> page won't be reached and redirected. I also didn't find an allowlisting
> mechanism in the JWT auth plugin, and
> [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html]
> doesn't seem to fit this case either. So I'm wondering if it's possible to
> provide an allowlisting mechanism in the JWT auth plugin, so that users can
> configure the login paths for plugins like YASA to work?
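The context-selection rule quoted in the comment above, modelled as an added example that is not part of the original message or of Solr's or Jetty's code. The context paths, the per-context "secured" flags and the sample request paths are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration of Servlet spec 12.1 context selection.
// The context paths and "secured" flags are assumptions, not Solr configuration.
public class ContextDispatch {
    // context path -> is the shared authentication filter installed there?
    static final Map<String, Boolean> CONTEXTS = new LinkedHashMap<>();
    static {
        CONTEXTS.put("", true);        // root context, matches every path, secured here
        CONTEXTS.put("/solr", true);   // Solr's context, filter installed
        CONTEXTS.put("/yasa", true);   // hypothetical separate UI web app
        CONTEXTS.put("/login", false); // login pages stay reachable unauthenticated
    }

    // Match on whole path segments so "/login" does not also claim "/loginx".
    static boolean matches(String ctx, String path) {
        return ctx.isEmpty() || path.equals(ctx) || path.startsWith(ctx + "/");
    }

    // Pick the longest context path that matches the start of the request path.
    static String select(String path) {
        String best = "";
        for (String ctx : CONTEXTS.keySet()) {
            if (matches(ctx, path) && ctx.length() > best.length()) {
                best = ctx;
            }
        }
        return best;
    }

    static boolean requiresAuth(String path) {
        return CONTEXTS.get(select(path));
    }

    public static void main(String[] args) {
        // Constructed sample request paths.
        String[] samples = {
            "/solr/admin/cores", // Solr context: authenticated
            "/solr/login.html",  // still inside Solr's context: intercepted
            "/yasa/index.html",  // own context, own filter
            "/login/form",       // dedicated login context: no auth filter
            "/loginx/form"       // not a segment match: falls to root context
        };
        for (String p : samples) {
            String ctx = select(p);
            System.out.printf("%-20s context=%-7s auth=%b%n",
                    p, ctx.isEmpty() ? "(root)" : ctx, requiresAuth(p));
        }
    }
}
```

Only `/login/form` comes out unauthenticated: a login page placed under `/solr` is still intercepted, and the segment-boundary check keeps `/loginx/form` from inheriting the login exemption.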