[ https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17404521#comment-17404521 ]

Gus Heck commented on SOLR-15296:
---------------------------------

12.1 Use of URL Paths
Upon receipt of a client request, the Web container determines the Web
application to which to forward it. The Web application selected must have
the longest context path that matches the start of the request URL.

So if Yasa is its own web app in Jetty, and not inserted into Solr's context, 
it should have control of its own filtering/security and be unaffected by 
anything Solr is doing. Ideally we would have only a separate /login context 
for login stuff regardless of what UI, and a re-usable security filter to apply 
authentication to whichever contexts we wished to secure. Example of using 
contexts in this way: https://github.com/nsoft/ns-login

> Provide allowlisting mechanism in the auth plugin to ignore paths like login
> ----------------------------------------------------------------------------
>
>                 Key: SOLR-15296
>                 URL: https://issues.apache.org/jira/browse/SOLR-15296
>             Project: Solr
>          Issue Type: Wish
>          Components: Authorization, Plugin system
>            Reporter: Zhenxu Ke
>            Assignee: David Eric Pugh
>            Priority: Major
>
> I've recently been working (with [~epugh]) on YASA to make it work under the 
> auth plugins.
>  
> I saw in the code that the authenticator allowlists the Admin login path 
> `/solr/` explicitly, while for YASA, its path must start with `/v2`, which 
> does not match the whitelisted paths and will be intercepted; hence the login 
> page won't be reached and redirected. I also didn't find an allowlisting 
> mechanism in the JWT auth plugin, and 
> [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html]
>  doesn't seem to fit this case either. So I'm wondering if it's possible to 
> provide an allowlisting mechanism in the JWT auth plugin, so that users can 
> configure the login paths for plugins like YASA to work?
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
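
The context-selection rule quoted in the comment above, modelled as an added example (not part of the original message, and not Jetty or Solr code). The context paths, the `require_auth` filter and its token check are assumptions made for illustration; the point is that a filter attached to one context never sees requests routed to another, and that a match must end on a path-segment boundary.

```python
from dataclasses import dataclass, field


@dataclass
class Context:
    path: str                                    # context path, e.g. "/solr"
    filters: list = field(default_factory=list)  # run only for this context


def require_auth(request):
    """Reusable security filter (hypothetical check): 401 without a token."""
    return 200 if request.get("token") else 401


def select_context(contexts, url_path):
    """Pick the context with the longest path matching the start of url_path.

    The match must end on a segment boundary, so "/solrx" is not "/solr".
    """
    best = None
    for ctx in contexts:
        if url_path == ctx.path or url_path.startswith(ctx.path + "/"):
            if best is None or len(ctx.path) > len(best.path):
                best = ctx
    return best


def dispatch(contexts, url_path, request=None):
    """Return (selected context path, status) after running its filters."""
    ctx = select_context(contexts, url_path)
    if ctx is None:
        return None, 404
    for flt in ctx.filters:
        status = flt(request or {})
        if status != 200:
            return ctx.path, status
    return ctx.path, 200


# Constructed deployment: each UI is its own context, the same filter is
# attached wherever authentication is wanted, and /login carries no filter.
CONTEXTS = [
    Context("/solr", [require_auth]),
    Context("/yasa", [require_auth]),
    Context("/login"),
]
```
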
