[
https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14655245#comment-14655245
]
Ishan Chattopadhyaya commented on SOLR-7849:
--------------------------------------------
+1, looks great!
Here are some minor issues:
1.
{noformat}
private void addHttpConfigurer(Object authcPlugin) {
...
log.info("Reconfiguring the shard handler factory and update shard
handler.");
{noformat}
Can we change it to:
{noformat}
log.info("Reconfiguring the httpclients of shard handler factory and
update shard handler.");
{noformat}
2.
{noformat}
private void addHttpConfigurer(Object authcPlugin) {
log.info("addHttpConfigurer()");//TODO no commit
{noformat}
I don't see any reason for the nocommit here. Is there something missing still?
3.
I think in SDF's `doFilter()`,
{noformat}
if (cores.getAuthenticationPlugin() != null) {
{noformat}
should be
{noformat}
if (cores != null && cores.getAuthenticationPlugin() != null) {
{noformat}
This is for those requests that come in even before the init() has finished
execution.
4. In PKIAuthenticationPlugin,
{noformat}
private int maxValidity = 5000;
{noformat}
Am I correct in my understanding that the received internode request's
timestamp and current timestamp shouldn't be more than this maxValidity? If
that's true, I think an out of the box default of 5 secs is too less. Also,
shouldn't this be configurable?
> Secure Inter-node communication in a standard mechanism
> --------------------------------------------------------
>
> Key: SOLR-7849
> URL: https://issues.apache.org/jira/browse/SOLR-7849
> Project: Solr
> Issue Type: Sub-task
> Reporter: Noble Paul
> Assignee: Noble Paul
> Attachments: SOLR-7849.patch, SOLR-7849.patch, SOLR-7849.patch,
> SOLR-7849.patch
>
>
> Relying on every Authentication plugin to secure the internode communication
> is error prone. Solr can standardize the authentication so that only the
> first request that comes from outside the cluster needs to be authenticated
> by the authentication plugin
> The scheme to protect the communication will be as follows
> * Every Solr node creates a an RSA key pair
> * The private key is kept private and the public key is made available
> through a core admin API
> * If authentication is enabled , every outgoing request will carry an extra
> header {{ SolrAuth : <nodename>
> encrypt_with_pvt_key(<original-user-principal> <timestamp>) }}
> * If authentication is enabled {{SolrDispatchFilter}} would look for this
> header and see the nodename
> ** If the public key of the nodename is available in cache , make a request
> to the node and fetch the public key
> ** If the public key has changed (because of a server restart) decryption
> fails and the public keyis fetched again
> * If the decryption succeeds , the user-name is set to what the header has
> encoded
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
