lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noble Paul (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-7838) Implement a RuleBasedAuthorizationPlugin
Date Fri, 07 Aug 2015 03:44:45 GMT

     [ https://issues.apache.org/jira/browse/SOLR-7838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Noble Paul updated SOLR-7838:
-----------------------------
    Description: 
h2. authorization plugin

This would store the roles of various users and their privileges in ZK

sample authorization.json

{code:javascript}
{
  "authorization": {
    "class": "solr.ZKAuthorization",
   "roles" :{
  "john" : ["admin"]
  "david" : ["guest","dev"]
   }
    "permissions": {
       "collection-edit": {
         "role": "admin" 
       },
       "coreadmin":{
         "role":"admin"
       },
       "config-edit": {
         //all collections
         "role": "admin",
         "method":"POST"
       },
       "schema-edit": {
         "roles": "admin",
         "method":"POST"
       },
       "update": {
         //all collections
         "role": "dev"
       },
      "mycoll_update": {
        "collection": "mycoll",
        "path":["/update/*"],
        "role": ["somebody"]
      }
    }
  }
}
{code} 
This also supports editing of the configuration through APIs
Example 1: add or remove roles

{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{ 

  "set-user-role": {"tom":["admin","dev"},

  "set-user-role": {"harry":null}

}'
{code}
 

Example 2: add or remove permissions


{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d
'{ 

  "set-permission": { "name":"a-custom-permission-name",

                      "collection":"gettingstarted",

                      "path":"/handler-name",

                      "before": "name-of-another-permission"

   },

 "delete-permission":"permission-name"

}'
{code}
Please note that you have to replace the whole permission each time it is edited. The API
does not support editing one property at a time. Use the 'before' property to re-order your
permissions

Example 3: Restrict collection admin operations (writes only) to be performed by an admin
only

{code}
curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{

"set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'

{code}

> Implement a RuleBasedAuthorizationPlugin
> ----------------------------------------
>
>                 Key: SOLR-7838
>                 URL: https://issues.apache.org/jira/browse/SOLR-7838
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Noble Paul
>
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
>   "authorization": {
>     "class": "solr.ZKAuthorization",
>    "roles" :{
>   "john" : ["admin"]
>   "david" : ["guest","dev"]
>    }
>     "permissions": {
>        "collection-edit": {
>          "role": "admin" 
>        },
>        "coreadmin":{
>          "role":"admin"
>        },
>        "config-edit": {
>          //all collections
>          "role": "admin",
>          "method":"POST"
>        },
>        "schema-edit": {
>          "roles": "admin",
>          "method":"POST"
>        },
>        "update": {
>          //all collections
>          "role": "dev"
>        },
>       "mycoll_update": {
>         "collection": "mycoll",
>         "path":["/update/*"],
>         "role": ["somebody"]
>       }
>     }
>   }
> }
> {code} 
> This also supports editing of the configuration through APIs
> Example 1: add or remove roles
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{ 
>   "set-user-role": {"tom":["admin","dev"},
>   "set-user-role": {"harry":null}
> }'
> {code}
>  
> Example 2: add or remove permissions
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'-d
'{ 
>   "set-permission": { "name":"a-custom-permission-name",
>                       "collection":"gettingstarted",
>                       "path":"/handler-name",
>                       "before": "name-of-another-permission"
>    },
>  "delete-permission":"permission-name"
> }'
> {code}
> Please note that you have to replace the whole permission each time it is edited. The
API does not support editing one property at a time. Use the 'before' property to re-order
your permissions
> Example 3: Restrict collection admin operations (writes only) to be performed by an admin
only
> {code}
> curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json'
-d '{
> "set-permission" : {"name":"collection-admin-edit", "role":"admin"}}'
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message