[
https://issues.apache.org/jira/browse/SOLR-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13593924#comment-13593924
]
Jan Høydahl commented on SOLR-4470:
-----------------------------------
Wow. That was some bulk of information :) Skimmed the code - very good that you
have extensive test coverage, some JavaDocs etc. It would in my eyes be wiser
to split the elephant in order to attract committer attention. Is there some
major part you can leave out and start with the simplest possible codebase to
enable simple auth on internal requests only? Then once that is reviewed and
committed (to trunk), you could add the rest in a few more steps. I'm afraid
there is a risk this patch will rot and become stale and un-applyable very very
quickly, both because it is too much in one bite and that it touches so many
lines that it will not apply cleanly for many days in a row.
Another option is to do the finalization of auth in a new branch. Just a pity
non-committers can't work with branches in svn. I could create a branch off
trunk for you and commit your code to it if you're willing to make it apply.
Then everyone can more easily checkout the branch, test, create new JIRAs with
diffs against the branch and get some Heavy Committing™.
PS: Please run ant precommit - You'll want Mark & Yonik on your side here :)
> Support for basic http auth in internal solr requests
> -----------------------------------------------------
>
> Key: SOLR-4470
> URL: https://issues.apache.org/jira/browse/SOLR-4470
> Project: Solr
> Issue Type: Bug
> Components: clients - java, multicore, replication (java), SolrCloud
> Affects Versions: 4.0
> Reporter: Per Steffensen
> Labels: authentication, solrclient, solrcloud
> Fix For: 4.2
>
> Attachments: SOLR-4470_branch_4x_r1452629.patch
>
>
> We want to protect any HTTP-resource (url). We want to require credentials no
> matter what kind of HTTP-request you make to a Solr-node.
> It can faily easy be acheived as described on
> http://wiki.apache.org/solr/SolrSecurity. This problem is that Solr-nodes
> also make "internal" request to other Solr-nodes, and for it to work
> credentials need to be provided here also.
> Ideally we would like to "forward" credentials from a particular request to
> all the "internal" sub-requests it triggers. E.g. for search and update
> request.
> But there are also "internal" requests
> * that only indirectly/asynchronously triggered from "outside" requests (e.g.
> shard creation/deletion/etc based on calls to the "Collection API")
> * that do not in any way have relation to an "outside" "super"-request (e.g.
> replica synching stuff)
> We would like to aim at a solution where "original" credentials are
> "forwarded" when a request directly/synchronously trigger a subrequest, and
> fallback to a configured "internal credentials" for the
> asynchronous/non-rooted requests.
> In our solution we would aim at only supporting basic http auth, but we would
> like to make a "framework" around it, so that not to much refactoring is
> needed if you later want to make support for other kinds of auth (e.g. digest)
> We will work at a solution but create this JIRA issue early in order to get
> input/comments from the community as early as possible.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
