[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface

Fri, 04 Jan 2019 06:58:08 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16734221#comment-16734221
 ] 

Jan Høydahl commented on SOLR-7896:
-----------------------------------

{quote}I'm confused about the last sentence there. I don't quite understand how 
opening a new browser tab bypasses the login screen?
{quote}
Well, technically, the UI is fully functional until the first time an Ajax 
request to Solr results in a HTTP 401 response. Once that happens, it brings up 
the "Login" menu option and gets stuck in login mode, and there is no way to 
get back without logging in. But the 401 state is kept in a SessionStore 
variable, so once you try in a new browser tab, it won't remember the 401 state 
until you attempt some restricted operation again.

An improvement could be to always display the "Dashboard" menu option and when 
clicking it we'd automatically reset the http401 flag. That would give you an 
exit from the login screen. But of course, if your auth protects even the 
/admin/info/system call then you'd just be thrown right back to the login panel 
every time...

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, Authentication, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: authentication, login, password
>             Fix For: master (8.0), 7.7
>
>         Attachments: dispatchfilter-code.png, login-page.png, 
> login-screen-2.png, logout.png, unknown_scheme.png
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be 
> allowed access from Admin UI when authentication is enabled. For this we need
>  * Some plumbing in Admin UI that allows the UI to detect 401 responses and 
> redirect to login page
>  * Possibility to have multiple login pages depending on auth method and 
> redirect to the correct one
>  * [AngularJS HTTP 
> interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to 
> add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and 
> make it work with Basic Auth.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to