[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface

Thu, 19 Apr 2018 07:05:44 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16444088#comment-16444088
 ] 

Jan Høydahl commented on SOLR-7896:
-----------------------------------

I was certain that Solr used to be able to load the (static) Admin UI files, 
such as {{/solr/libs/angular-resource.min.js.map }}without the browser 
prompting for authentication, if Basic Auth is enabled. But now when I test I 
get the browser prompt on every single load of the Admin UI front page, 
triggered by the browser trying to load a static file.
 
I tried with master, 7.x, 6.x and even 5.5.5 and same results. Please refresh 
my memory.
 
For this feature to work we need all static resources to be served (by Jetty or 
by Solr) to the browser without auth, and only enforce authentication on the 
Solr APIs which are called with Ajax calls from Angular. Else we'll not be able 
to throw up the nice login page before the browser throws up its ugly one :)

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: authentication, login, password
>
> Now that Solr supports Authentication plugins, the missing piece is to be 
> allowed access from Admin UI when authentication is enabled. For this we need
>  * Some plumbing in Admin UI that allows the UI to detect 401 responses and 
> redirect to login page
>  * Possibility to have multiple login pages depending on auth method and 
> redirect to the correct one
>  * [AngularJS HTTP 
> interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to 
> add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and 
> make it work with Basic Auth.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to