[
https://issues.apache.org/jira/browse/SOLR-11781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16406331#comment-16406331
]
Jan Høydahl commented on SOLR-11781:
------------------------------------
The code in HttpSolrCall
{code:java}
.getAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME){code}
...looks messy as it references a concrete autz implementation. Could you move
the {{public static final String IMPERSONATOR_USER_NAME =
"solr.impersonator.user.name";}} and perhaps other generic key definitions
related to DelegationTokens from KerberosPlugin to some other class which is
not tied to a particular implementation? Or if DT will only ever be used by
Kerberos, then find some more generic way to pass context information in the
AuthorizationContext.
This change also does not have any unit tests (probably since the only user is
non-solr code)? Think about how the new code could be tested in some way.
> Pass impersonator info to the authorization plugin
> --------------------------------------------------
>
> Key: SOLR-11781
> URL: https://issues.apache.org/jira/browse/SOLR-11781
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 7.0
> Reporter: Hrishikesh Gadre
> Priority: Minor
> Attachments: SOLR-11781-00.patch
>
>
> SENTRY-1475 implemented Solr authorization plugin based on Sentry. This also
> includes the audit log functionality in Sentry. Currently authorization
> context is not providing the impersonator information which is required for
> the audit logs. We should improve Solr authorization framework to pass this
> extra information.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
