[jira] [Commented] (SOLR-7755) An API to edit the security params

Mon, 06 Jul 2015 08:22:38 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14615159#comment-14615159
 ] 

Ishan Chattopadhyaya commented on SOLR-7755:
--------------------------------------------

Why does this need to be an endpoint in Solr? Can't all this be a wrapper 
around the /security.json in ZK and made available as a command line tool 
similar to zkcli?
The reason I think this shouldn't be an endpoint in Solr is that an admin might 
want to plan and setup security parameters in a cluster even before starting 
Solr. Also, authc/authz plugins in an already started up Solr cluster can add 
watches to the /security.json in ZK to monitor changes made through such a 
command line tool. That way, this API or "framework" wouldn't need to know what 
all to expect (i.e. "create-permission" or "add-user" or anything plugin 
specific). 

Another challenge, that comes to mind, with having an endpoint like this: how 
would we secure this endpoint itself?

Thoughts, [~anshumg]?

> An API to edit the security params
> ----------------------------------
>
>                 Key: SOLR-7755
>                 URL: https://issues.apache.org/jira/browse/SOLR-7755
>             Project: Solr
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> example
> {code}
> curl http://localhost:8983/solr/admin/authorization -H 
> 'Content-type:application/json' -d '{
> "add-user" : {"name" : "tom", 
>              "role": ["admin","dev"]
>              },
> "create-permission" :{"name":"mycoll-update",
>                       "before" :"some-other-permission",
>                       "path":"/update/*"
>                       "role":["dev","admin"]
>                       }
> }'
> {code}
> Please note that the set of parameters required for a basic ZK based impl 
> will be completely different from that of a Kerberos implementation. However 
> the framework would remain the same. The end point will remain the same, 
> though



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to