[jira] [Commented] (SOLR-9702) Authentication & Authorization based on Jetty security

Sun, 30 Oct 2016 07:36:07 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-9702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15620036#comment-15620036
 ] 

Thomas Quinot commented on SOLR-9702:
-------------------------------------

I see, thanks for the explanations! I guess this issue could be usefully 
reformulated into an actionable one by making it a suggestion for a Solr 
Auth/Authz plugin based on JAAS. We'd thus get a variety of backend options 
(including LDAP) for a single one-time development effort.

> Authentication & Authorization based on Jetty security
> ------------------------------------------------------
>
>                 Key: SOLR-9702
>                 URL: https://issues.apache.org/jira/browse/SOLR-9702
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 6.2.1
>            Reporter: Thomas Quinot
>
> (following up on comments initially posted on SOLR-7275).
> Back in Solr 4 days, user authentication could be handled by Jetty, and some 
> level of authorization could be implemented using request regexp rules. This 
> was explicitly documented in the SolrSecurity page:
> http://wiki.apache.org/solr/SolrSecurity?action=recall&rev=35#Jetty_realm_example
> In particular, authentication could thus be performed against a variety of 
> services implemented in Jetty, such as HashLoginService (mentioned explicitly 
> in the above documentation, tested in production, does work) or possibly 
> JAASLoginService, which in turn would open up the possibility to use a whole 
> range of auth services (in particular LDAP servers).
> I see that the usage of Jetty is now "an implementation detail". Does this 
> mean that the feature listed above is not supported anymore? (This is quite 
> unfortunate IMO, as even just the HashLoginService would be useful to 
> authenticate users against a database of UNIX crypt(3) passwords)
> The new login services that are apparently being reimplemented in Solr itself 
> seem to be much less flexible and limited.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to