[jira] [Commented] (SOLR-12120) New plugin type AuditLoggerPlugin

Fri, 30 Nov 2018 05:45:12 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704748#comment-16704748
 ] 

Jan Høydahl commented on SOLR-12120:
------------------------------------

Continuing with this. I think I will explore using MDC for some pieces, like 
sessionID and perhaps other info fetched from the authentication. Typically 
items that also could be useful to add in log4j logging. Then Audit plugins 
could use those as well.

I think it could also be an idea to reduce the overhead of creating the 
AuditEvent object for the states that shall not be logged. So move the logic 
for determining whether the eventType is to be logged or not to a cheaper 
method before creating the AuditEvent object.

> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Solr needs a well defined plugin point to implement audit logging 
> functionality, which is independent from whatever {{AuthenticationPlugin}} or 
> {{AuthorizationPlugin}} are in use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It 
> could be configured in solr.xml or it could be a third type of plugin defined 
> in {{security.json}}, i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an 
> AuditEvent at important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, 
> request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to 
> let it settle as people write their own plugin implementations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to