Sorry for the large font on the previous email, it was sent from a smartphone :)
Appreciate reviews/comments in this email thread or directly in the JIRA issues. Here are links to desktop versions:

SOLR-12120 <https://issues.apache.org/jira/browse/SOLR-12120>: New plugin type AuditLoggerPlugin
SOLR-12121 <https://issues.apache.org/jira/browse/SOLR-12121>: JWT Authentication plugin
SOLR-12131 <https://issues.apache.org/jira/browse/SOLR-12131>: Authorization plugin support for getting user's roles from the outside
SOLR-7896 <https://issues.apache.org/jira/browse/SOLR-7896>: Add a login page for Solr Administrative Interface

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> On 29 Mar 2018 at 12:20, Jan Høydahl <[email protected]> wrote:
>
> Hi.
>
> I have started work with some new contributions to the security framework,
> and hope you will have a look and comment on them :)
>
> The first is introduction of a brand new plugin type; AuditLoggerPlugin:
> https://issues.apache.org/jira/plugins/servlet/mobile#issue/SOLR-12120
> along with one implementation logging to solr.log
>
>
> Then there is a new JWT Authentication plugin:
> https://issues.apache.org/jira/plugins/servlet/mobile#issue/SOLR-12121
> It allows for validating tokens issued and signed by a 3rd party, and also
> validating claims present in the token. This plugin can also pass a “roles”
> claim on to the new authorization plugin described next.
>
>
> The third contrib is an Authorization plugin with support for getting user's
> roles from the request:
> https://issues.apache.org/jira/plugins/servlet/mobile#issue/SOLR-12131
> This is a subclass of rule based authz and shares all features except
> you will not provide a user-role map in config, instead you trust a list of
> roles passed from the JWT plugin (or any other Auth plugin).
>
>
> The final part of the puzzle is adding login support to Admin UI:
> https://issues.apache.org/jira/plugins/servlet/mobile#issue/SOLR-7896
> I don’t have any path for this but discussion about how to best solve it is
> highly welcome at this stage!
>
> Jan Høydahl
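
The flow the message describes (verify a third-party token, validate its claims, hand the "roles" claim to a rule-based authorization step that has no user-role map), as an added Python sketch that is not code from the Solr patches or from this thread. Assumptions: HS256 with a shared key stands in for the issuer's signature, and every name here (`PERMISSIONS`, `issue_token`, `authenticate`, `authorize`, the `iss`/`aud`/`exp`/`sub` checks) is hypothetical rather than the plugins' configuration or API.

```python
import base64, hashlib, hmac, json

# Hypothetical permission -> allowed-roles rules; note there is no user -> role map.
PERMISSIONS = {"read": {"reader", "admin"}, "update": {"admin"}}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims, key):
    """Plays the third-party issuer, only to build constructed sample tokens."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(_mac(key, head + '.' + body))}"

def authenticate(token, key, issuer, audience, now):
    """Verify signature, then claims; return (principal, roles) or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception:
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; do not let the token choose it
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, _mac(key, head + "." + body)):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    roles = claims.get("roles", [])
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        raise ValueError("roles claim must be a list of strings")
    return claims.get("sub"), set(roles)

def authorize(roles, permission):
    """Rule check against roles supplied by the authentication step."""
    return bool(roles & PERMISSIONS.get(permission, set()))
```

Because the authorization step trusts whatever roles it is handed, the roles are only returned after the signature and claim checks have all passed.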
