[ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl reassigned SOLR-12120:
----------------------------------

    Assignee: Jan Høydahl

> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public (Default Security Level. Issues are Public)
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>
> Solr needs a well-defined plugin point to implement audit logging
> functionality, which is independent from whatever {{AuthenticationPlugin}} or
> {{AuthorizationPlugin}} are in use at the time.
>
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It
> could be configured in solr.xml or it could be a third type of plugin defined
> in {{security.json}}, i.e.
> {code:java}
> "authentication" : { "class" : ... }
> "authorization" : { "class" : ... }
> "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }{code}
> We could then instrument SolrDispatchFilter to call
> {{auditlogger.authenticationFailed(request, response, msg)}} if auth failed
> and the request is going to be aborted, and likewise HttpSolrCall could call
> relevant methods when a final autz decision is made, e.g.
> {{auditlogger.notAuthorized(authCtx, request, response)}}, and if all is OK,
> it could call {{auditlogger.ok()}} for success logging.
>
> If no auditlogger is explicitly configured, we can fall back to a default
> {{SolrLogAuditLogger}} that logs to standard Solr log, or we could set up
> log4j to output a new {{logs/audit.log}} file.
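
A sketch of the plugin point proposed in the issue above, added here as an illustration; it is not code from the issue or from Solr. The callback names and the `SolrLogAuditLogger` fallback come from the issue text; the simplified String parameters (including the arguments to `ok`), the `load` and `clean` helpers and the sample requests are assumptions.

```java
import java.util.Map;
import java.util.logging.Logger;

// Hypothetical sketch of the proposed plugin point; not Solr's API.
public class AuditLoggerSketch {

    // Callback names follow the issue text; parameter types are simplified stand-ins.
    interface AuditLogger {
        void authenticationFailed(String request, String msg);
        void notAuthorized(String principal, String request);
        void ok(String principal, String request);
    }

    // Fallback named in the issue: write audit events to the standard log.
    static class SolrLogAuditLogger implements AuditLogger {
        private static final Logger LOG = Logger.getLogger("audit");
        // Replace CR/LF so request data cannot forge extra audit lines.
        static String clean(String s) { return s == null ? "-" : s.replaceAll("[\\r\\n]", "_"); }
        public void authenticationFailed(String request, String msg) {
            LOG.warning("AUTHN_FAILED request=" + clean(request) + " msg=" + clean(msg));
        }
        public void notAuthorized(String principal, String request) {
            LOG.warning("NOT_AUTHORIZED user=" + clean(principal) + " request=" + clean(request));
        }
        public void ok(String principal, String request) {
            LOG.info("OK user=" + clean(principal) + " request=" + clean(request));
        }
    }

    // Resolve the "auditlogging" entry of a parsed security.json, else use the fallback.
    static AuditLogger load(Map<String, Object> securityJson) throws Exception {
        Object section = securityJson.get("auditlogging");
        if (!(section instanceof Map)) return new SolrLogAuditLogger();
        Object cls = ((Map<?, ?>) section).get("class");
        if (!(cls instanceof String)) return new SolrLogAuditLogger();
        return (AuditLogger) Class.forName((String) cls).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a security.json with no "auditlogging" section.
        AuditLogger audit = load(Map.of("authentication", Map.of("class", "x.y.Auth")));
        // The three decision points the issue describes, with constructed requests.
        audit.authenticationFailed("GET /solr/admin/info\r\nOK user=admin", "bad credentials");
        audit.notAuthorized("alice", "POST /solr/books/update");
        audit.ok("bob", "GET /solr/books/select?q=*:*");
    }
}
```

The audit logger is resolved independently of the `authentication` and `authorization` entries, so every request outcome is recorded whichever auth plugins are active.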