[jira] [Reopened] (SOLR-7896) Add a login page for Solr Administrative Interface

Mon, 07 Jan 2019 03:25:11 -0800 


     [ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl reopened SOLR-7896:
-------------------------------

Reopening to fix two issues
 # The "Dead end" situation described above, i.e. if you click a restricted 
menu you get stuck in the Login page without any way back to unrestricted parts 
of Admin UI
 # A bug if you use BasicAuth with {{blockUknown=false}} and then restrict 
certain operations with RuleBasedAuthz - the browser login prompt will then 
show instead of Admin UI intercepting the 401. This is due to the way the Authz 
plugin then sends the WWW-Authenticate header

To reproduce the bug, do
{code:java}
bin/solr start -c
bin/solr auth enable -credentials solr:solr -blockUnknown false
# Go to admin UI and try to create a collection - BOOM{code}
 

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, Authentication, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: authentication, login, password
>             Fix For: master (8.0), 7.7
>
>         Attachments: dispatchfilter-code.png, login-page.png, 
> login-screen-2.png, logout.png, unknown_scheme.png
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be 
> allowed access from Admin UI when authentication is enabled. For this we need
>  * Some plumbing in Admin UI that allows the UI to detect 401 responses and 
> redirect to login page
>  * Possibility to have multiple login pages depending on auth method and 
> redirect to the correct one
>  * [AngularJS HTTP 
> interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to 
> add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and 
> make it work with Basic Auth.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to