[
https://issues.apache.org/jira/browse/SOLR-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl updated SOLR-7890:
------------------------------
Attachment: SOLR-7890.patch
First patch with tests that succeed. It requires the "solr backend" credentials
for ZK in order to show content in the ZK tree browser for the protected nodes
(configurable).
If a non-backed user tries to access, the node will be seen but {{*** ZNODE
DATA PROTECTED ***}} will be displayed in place of the content.
> By default require admin rights to access /security.json in ZK
> --------------------------------------------------------------
>
> Key: SOLR-7890
> URL: https://issues.apache.org/jira/browse/SOLR-7890
> Project: Solr
> Issue Type: Sub-task
> Components: security
> Reporter: Jan Høydahl
> Fix For: Trunk
>
> Attachments: SOLR-7890.patch
>
>
> Perhaps {{VMParamsAllAndReadonlyDigestZkACLProvider}} should by default
> require admin access for read/write of {{/security.json}}, and other
> sensitive paths. Today this is left to the user to implement.
> Also, perhaps factor out the already-known sensitive paths into a separate
> class, so that various {{ACLProvider}} implementations can get a list of
> paths that should be admin-only, read-only etc from one central place. Then
> 3rd party impls pulling ZK creds from elsewhere will still do the right thing
> in the future if we introduce other sensitive Znodes...
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
