Hi all, I posted this question in Slack a few days ago, but I didn't get any bites so I'm copying here as well for the larger set of eyes:

Does anyone have a good understanding of how the v2 authentication/authorization APIs work? I’d like to convert them over to the annotation framework (SOLR-15738), but I’m having a hard time understanding what each of the "cluster.security.*" apispec files is actually for.

- The plugin-specific apispecs (e.g. cluster.security.JwtAuth.Commands) are pretty self-explanatory, and what I would expect to see.
- The remaining 4 look like they’re used as defaults or fallbacks in SecurityConfHandler, but the logic in how they’re registered looks more involved than I’d expect if that were true. SecurityConfHandler registers two of the apispecs (cluster.security.authentication and cluster.security.authorization) unconditionally, while it registers the other two only if the Authc/AuthzPlugins don’t have an API/spec that they provide themselves.

It looks like this was all set up in the same mega-JIRA (SOLR-8029) that added all the v2 APIs, so there was too much else going on for it to merit discussion there apparently.

Anyway, if anyone can shed any light on the 4 "fallback" or "default" apispecs and why they're registered differently, I'd love to hear it.

Thanks all!

Best,
Jason
