On Fri, Jun 24, 2022 at 4:56 PM Guse, Jimmy <[email protected]> wrote:
> The reason I’ve been in this swamp is that I use solr from within an > application (both via the web and in cron scripts) running only as a single > instance on localhost, never with direct user access. To avoid having to > deal with accounts and passwords (in files), I crafted an IdentAuthPlugin > that I use as the authentication provider (which is secure for > password-less authenticating of local users), and I add that into the > released solr-core-x.y.z.jar to be used (I also need to modify the > ‘credentials’ member of Sha256AuthenticationProvider class from private to > protected, so I can subclass and override its authenticate() function > inside my IdentAuthPlugin class – this just makes it simpler to leverage > the existing functionality without duplicating it). So my process involves > taking the release-source, patching (Sha256AuthenticationProvider.java) it > and adding (IdentAuthPlugin.java) to it, rebuilding it to get the updated > .class files for those two Java classes and then stuffing them into the > original solr-core-x.y.z.jar in the release-binary, so it drops in as a > normal solr version .tgz package for updates/etc. > > > > So, would there be any interest in incorporating one (the privateàprotected > patch) or both of these changes in the mainline source? > For the private->protected -- Sure; seems fine. But for IdentAuthPlugin you'd contribute; I'm unsure what it's doing. I suppose you could share in a PR. ~ David
