[
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735712#comment-16735712
]
Jan Høydahl edited comment on SOLR-7896 at 1/7/19 12:12 PM:
------------------------------------------------------------
Uploaded a patch [^SOLR-7896-bugfix-7jan.patch]
* Never hide the Dashboard menu. Clicking it will take you out of any Login
screen dead-end
* Use {{xBasic}} trick also for Authorization header stored on the request,
and picked up by Authz plugin
* Clarified text in refGuide: "If your plugin of choice is not supported, the
Admin UI will still let you perform unrestricted operations, while for
restricted operations you will need to interact with Solr by sending HTTP
requests instead of through the graphical user interface of the Admin UI. All
operations supported by Admin UI can be performed through Solr's RESTful APIs."
was (Author: janhoy):
Uploaded a patch [^SOLR-7896-bugfix-7jan.patch]
* Never hide the Dashboard menu. Clicking it will take you out of any Login
screen dead-end
* Use {{xBasic}} trick also for Authorization header stored on the request,
and picked up by Authz plugin
> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
> Key: SOLR-7896
> URL: https://issues.apache.org/jira/browse/SOLR-7896
> Project: Solr
> Issue Type: New Feature
> Components: Admin UI, Authentication, security
> Affects Versions: 5.2.1
> Reporter: Aaron Greenspan
> Assignee: Jan Høydahl
> Priority: Major
> Labels: authentication, login, password
> Fix For: master (8.0), 7.7
>
> Attachments: SOLR-7896-bugfix-7jan.patch,
> SOLR-7896-bugfix-7jan.patch, dispatchfilter-code.png, login-page.png,
> login-screen-2.png, logout.png, unknown_scheme.png
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be
> allowed access from Admin UI when authentication is enabled. For this we need
> * Some plumbing in Admin UI that allows the UI to detect 401 responses and
> redirect to login page
> * Possibility to have multiple login pages depending on auth method and
> redirect to the correct one
> * [AngularJS HTTP
> interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to
> add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and
> make it work with Basic Auth.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
