Jan Høydahl created SOLR-12120:
----------------------------------
Summary: New plugin type AuditLoggerPlugin
Key: SOLR-12120
URL: https://issues.apache.org/jira/browse/SOLR-12120
Project: Solr
Issue Type: New Feature
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Reporter: Jan Høydahl
Solr needs a well defined plugin point to implement audit logging
functionality, which is independent from whatever {{AuthenticationPlugin}} or
{{AuthorizationPlugin}} are in use at the time.
It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It
could be configured in solr.xml or it could be a third type of plugin defined
in {{security.json}}, i.e.
{code:java}
"authentication" : { "class" : ... }
"authorization" : { "class" : ... }
"auditlogging" : { "class" : "x.y.MyAuditLogger", ... }{code}
We could then instrument SolrDispatchFilter to call
{{auditlogger.authenticationFailed(request, response, msg)}} if auth failed and
the request is going to be aborted, and likewise HttpSolrCall could call
relevant methods when a final autz decision is made, e.g.
{{auditlogger.notAuthorized(authCtx, request, response)}}, and if all is OK, it
could call {{auditlogger.ok()}} for success logging.
If no auditlogger is explicitly configured, we can fallback to a default
{{SolrLogAuditLogger}} that logs to standard Solr log, or we could setup log4j
to output a new {{logs/audit.log}} file.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
