[jira] [Commented] (SOLR-11623) Every request handler in Solr should implement PermissionNameProvider interface

ASF subversion and git services (Jira) Fri, 14 Jan 2022 07:49:06 -0800


    [ 
https://issues.apache.org/jira/browse/SOLR-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476230#comment-17476230
 ]


ASF subversion and git services commented on SOLR-11623:
--------------------------------------------------------

Commit a97b796463232402b2a5b37013e2c6ad9a570c8f in solr's branch 
refs/heads/branch_9x from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=a97b796 ]

SOLR-11623 Every request handler - PermissionNameProvider (Take 2) (#427)

(cherry picked from commit 68a600e026254c63304a2c2f9e395e5e62876002)


> Every request handler in Solr should implement PermissionNameProvider 
> interface
> -------------------------------------------------------------------------------
>
>                 Key: SOLR-11623
>                 URL: https://issues.apache.org/jira/browse/SOLR-11623
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 7.1
>            Reporter: Hrishikesh Gadre
>            Assignee: Jan Høydahl
>            Priority: Blocker
>             Fix For: 9.0
>
>          Time Spent: 9h 20m
>  Remaining Estimate: 0h
>
> Solr authorization framework expects request handler to implement 
> PermissionNameProvider interface so that the type of the permission for the 
> request can be extracted. Currently not all request handlers implement 
> PermissionNameProvider, requiring authorization plugin implementation to 
> check this case explicitly and return OK. During code review of SENTRY-1475, 
> this issue was discussed. Since  PermissionNameProvider.Name enum provides 
> "ALL" permission type, it should be possible to have every request handler to 
> implement PermissionNameProvider interface and provide "ALL" permission type 
> if no authorization checks are necessary.
> The secondary benefit of this work would be that we can review all the 
> request handlers and ensure that we aren't missing authorization support for 
> any request handlers which provide sensitive information.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SOLR-11623) Every request handler in Solr should implement PermissionNameProvider interface

Reply via email to