Thomas Quinot created SOLR-9702:
-----------------------------------

             Summary: Authentication & Authorization based on Jetty security
                 Key: SOLR-9702
                 URL: https://issues.apache.org/jira/browse/SOLR-9702
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: security
    Affects Versions: 6.2.1
            Reporter: Thomas Quinot


(Following up on comments initially posted on SOLR-7275.)

Back in Solr 4 days, user authentication could be handled by Jetty, and some 
level of authorization could be implemented using request regexp rules. This 
was explicitly documented in the SolrSecurity page:

http://wiki.apache.org/solr/SolrSecurity?action=recall&rev=35#Jetty_realm_example

In particular, authentication could thus be performed against a variety of 
services implemented in Jetty, such as HashLoginService (mentioned explicitly 
in the above documentation, tested in production, does work) or possibly 
JAASLoginService, which in turn would open up the possibility to use a whole 
range of auth services (in particular LDAP servers).

I see that the usage of Jetty is now "an implementation detail". Does this mean 
that the feature listed above is not supported anymore? (This is quite 
unfortunate IMO, as even just the HashLoginService would be useful to 
authenticate users against a database of UNIX crypt(3) passwords.)

The new login services that are apparently being reimplemented in Solr itself 
seem to be much less flexible and limited.


