Great that you want to start this effort. When you say "Add a new plugin based on Apache Shiro", do you then mean trying to fit Shiro into our current security.json plugins or to start a fully parallel implementation? I think perhaps a fully parallel approach (with shiro.ini or some other local-to-node config format) being used. I'm starting to question if having the central security.json in ZK is in itself a security risk compared to local files on nodes. It is also far easier to bootstrap a solr node with security if based on local file configuration, than relying on ZK. Perhaps the SIP can discuss such tradeoffs.
Jan > 3. mai 2026 kl. 23:25 skrev Gus Heck <[email protected]>: > > oops, forgot to put the discuss tag on the subject line, please proceed on > this thread > > On Sun, May 3, 2026 at 5:20 PM Gus Heck <[email protected]> wrote: > >> I spent some time writing up an idea that's been growing in my head >> since I watched Jason's talk on our "not so basic auth" at activate in 2019 >> >> >> https://cwiki.apache.org/confluence/display/SOLR/SIP-26%3A+Role+Based+Authentication+using+Apache+Shiro >> >> LMK what you think. I'm hoping to begin spending some time on this soon. >> >> -Gus >> >> -- >> http://www.needhamsoftware.com (work) >> https://a.co/d/b2sZLD9 (my fantasy fiction book) >> > > > -- > http://www.needhamsoftware.com (work) > https://a.co/d/b2sZLD9 (my fantasy fiction book) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
