-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30017/#review73986
-----------------------------------------------------------

I couldn't remember why we didn't cover it in the first place? Maybe for the reason that all the configs are stored in ZK and we didn't have Sentry protecting ZK access, so the users could get access to all the configs anyway (schema, etc.), even without talking to the Solr schema API.

@Greg - Any thoughts?

- Vamsee Yarlagadda


On Jan. 19, 2015, 1:11 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30017/
> -----------------------------------------------------------
>
> (Updated Jan. 19, 2015, 1:11 a.m.)
>
>
> Review request for sentry and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The Solr schema API allows using a REST API to get the schema of each
> collection, including defined field types, fields, dynamic fields, and copy
> field declarations. There exists a risk that a user can get a collection
> schema they do not have access to. For example, user1 has no query privilege on
> collection collection1, but currently user1 can get the schema metadata
> about collection1 by running the command:
> curl http://localhost:8983/solr/collection1/schema
> It should deny users from getting the schema information that they
> don't have the query privilege on.
>
>
> Diffs
> -----
>
>   pom.xml 60a9f4a
>   sentry-solr/solr-sentry-handlers/pom.xml 8ca1cb3
>   sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SecureSolrSchemaRestApi.java PRE-CREATION
>   sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SentryAuthorizerFilter.java PRE-CREATION
>   sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/rest/SentryAuthorizerFilterException.java PRE-CREATION
>   sentry-solr/solr-sentry-handlers/src/main/resources/sentry-handlers/sentry/test-authz-provider.ini 8f48a8c
>   sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/rest/TestSentryAuthorizerFilter.java PRE-CREATION
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/RestTestHarness.java PRE-CREATION
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/SolrSentryRestTestBase.java PRE-CREATION
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/rest/TestSchemaProtection.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/30017/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
