lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-12120) New plugin type AuditLoggerPlugin
Date Thu, 02 May 2019 21:26:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16831994#comment-16831994
] 

Jan Høydahl commented on SOLR-12120:
------------------------------------

We had quite many of this test failure:
{noformat}
Build: https://builds.apache.org/job/Lucene-Solr-Tests-8.x/173/

1 tests failed.
FAILED:  org.apache.solr.security.AuditLoggerIntegrationTest.testAsyncQueueDrain

Error Message:
Failed waiting for 3 callbacks after 30 seconds

Stack Trace:
java.lang.AssertionError: Failed waiting for 3 callbacks after 30 seconds
at __randomizedtesting.SeedInfo.seed([F4F92CA55A0CAED9:45E6D381EACF3D06]:0)
at org.junit.Assert.fail(Assert.java:88)
at org.apache.solr.security.AuditLoggerIntegrationTest.waitForAuditEventCallbacks(AuditLoggerIntegrationTest.java:229)
...{noformat}
The AuditLogger plugin was supposed to continue logging events on the async queue for up to
30 seconds, but once the last event was pulled from the queue, the wait loop would end and
shut down the thread, causing shutdown to happen after the last event was pulled from queue
but before it was fully logged.

The fix is to introduce an {{AtomicInteger auditsInFlight}} that keeps a count of in-flight
events and not shut down before it is 0.

> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 8.1
>
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> Solr needs a well defined plugin point to implement audit logging functionality, which
is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in
use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be
configured in solr.xml or it could be a third type of plugin defined in {{security.json}},
i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at
important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to let it settle
as people write their own plugin implementations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message