lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hrishikesh Gadre (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-9702) Authentication & Authorization based on Jetty security
Date Sat, 29 Oct 2016 22:42:58 GMT

    [ https://issues.apache.org/jira/browse/SOLR-9702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15618844#comment-15618844
] 

Hrishikesh Gadre commented on SOLR-9702:
----------------------------------------

bq. which in turn would open up the possibility to use a whole range of auth services (in
particular LDAP servers).

I recently contributed LDAP authentication support in hadoop authentication framework (HADOOP-12082).
SOLR-9513 is tracking the changes required to expose this functionality in Solr. May be you
can use that ?

> Authentication & Authorization based on Jetty security
> ------------------------------------------------------
>
>                 Key: SOLR-9702
>                 URL: https://issues.apache.org/jira/browse/SOLR-9702
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 6.2.1
>            Reporter: Thomas Quinot
>
> (following up on comments initially posted on SOLR-7275).
> Back in Solr 4 days, user authentication could be handled by Jetty, and some level of
authorization could be implemented using request regexp rules. This was explicitly documented
in the SolrSecurity page:
> http://wiki.apache.org/solr/SolrSecurity?action=recall&rev=35#Jetty_realm_example
> In particular, authentication could thus be performed against a variety of services implemented
in Jetty, such as HashLoginService (mentioned explicitly in the above documentation, tested
in production, does work) or possibly JAASLoginService, which in turn would open up the possibility
to use a whole range of auth services (in particular LDAP servers).
> I see that the usage of Jetty is now "an implementation detail". Does this mean that
the feature listed above is not supported anymore? (This is quite unfortunate IMO, as even
just the HashLoginService would be useful to authenticate users against a database of UNIX
crypt(3) passwords)
> The new login services that are apparently being reimplemented in Solr itself seem to
be much less flexible and limited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message