Hrishikesh Gadre created SENTRY-2107:
----------------------------------------
Summary: Solr plugin should use short username instead of user
principal for authorization check
Key: SENTRY-2107
URL: https://issues.apache.org/jira/browse/SENTRY-2107
Project: Sentry
Issue Type: Improvement
Affects Versions: 2.0.0
Reporter: Hrishikesh Gadre
Assignee: Hrishikesh Gadre
Priority: Minor
Currently Solr authorization framework provides only user principal as part of
the authorization context. Authorization service like Sentry, on the other
hands, requires a short username to enforce the authorization checks. Currently
this is achieved by explicitly transforming user principal to short user name
using Hadoop KerberosName class. This is not a good design since it assumes
that only kerberos authentication mechanism is used with sentry (which is not
always the case e.g. solr supports ldap based authentication).
SOLR-10814 fixes this issue by providing short user name as part of the
authorization context. This jira is to utilize the new api on the sentry side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
