[
https://issues.apache.org/jira/browse/TIKA-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17526098#comment-17526098
]
Dan Coldrick commented on TIKA-3725:
------------------------------------
[~tallison] [~nick]
I definitely think Basic authorization is a good starting point, at least TIKA
server would have some security around it which from a consumer point of view
would allow to host TIKA server in a more secure way than what it currently is.
[~nick] [~tallison] is it possible to reach out to the CXF devs in you Apache
capacity to review the current way TIKA server is setup? Almost like a code
review for best practice so it would be possible to use the CXF configuration
files? I did notice whilst having a go with the SSL stuff if you drop a CXF.xml
in the resources folder it appeared to spawn a separate jetty server but I
don't have any idea how it works.
[https://cxf.apache.org/docs/secure-jax-rs-services.html]
> Add Authorization to Tika Server (Suggest Basic to start off with)
> ------------------------------------------------------------------
>
> Key: TIKA-3725
> URL: https://issues.apache.org/jira/browse/TIKA-3725
> Project: Tika
> Issue Type: New Feature
> Components: tika-server
> Affects Versions: 2.3.0
> Reporter: Dan Coldrick
> Priority: Minor
>
> I would be good to get some Authentication/Authorization added to TIKA server
> to be able to add another layer of security around the Tika Server Rest
> service.
> This could become a rabbit hole with the number of options available around
> Authentication/Authorization (Oauth, OpenId etc) so suggest as a starter
> basic Auth is added.
> How to store user(s)/password suggest looking at how other apache products do
> the same?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
