Hrishikesh Gadre created SOLR-11623:
---------------------------------------
Summary: Every request handler in Solr should implement
PermissionNameProvider interface
Key: SOLR-11623
URL: https://issues.apache.org/jira/browse/SOLR-11623
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Affects Versions: 7.1
Reporter: Hrishikesh Gadre
Solr authorization framework expects request handler to implement
PermissionNameProvider interface so that the type of the permission for the
request can be extracted. Currently not all request handlers implement
PermissionNameProvider, requiring authorization plugin implementation to check
this case explicitly and return OK. During code review of SENTRY-1475, this
issue was discussed. Since PermissionNameProvider.Name enum provides "ALL"
permission type, it should be possible to have every request handler to
implement PermissionNameProvider interface and provide "ALL" permission type if
no authorization checks are necessary.
The secondary benefit of this work would be that we can review all the request
handlers and ensure that we aren't missing authorization support for any
request handlers which provide sensitive information.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
