[jira] [Updated] (SOLR-12120) New plugin type AuditLoggerPlugin
[ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jan Høydahl updated SOLR-12120: --- Fix Version/s: 8.1 > New plugin type AuditLoggerPlugin > - > > Key: SOLR-12120 > URL: https://issues.apache.org/jira/browse/SOLR-12120 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: security >Reporter: Jan Høydahl >Assignee: Jan Høydahl >Priority: Major > Fix For: 8.1 > > Time Spent: 3h > Remaining Estimate: 0h > > Solr needs a well defined plugin point to implement audit logging > functionality, which is independent from whatever {{AuthenticationPlugin}} or > {{AuthorizationPlugin}} are in use at the time. > It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It > could be configured in solr.xml or it could be a third type of plugin defined > in {{security.json}}, i.e. > {code:java} > { > "authentication" : { "class" : ... }, > "authorization" : { "class" : ... }, > "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } > } > {code} > We could then instrument SolrDispatchFilter to the audit plugin with an > AuditEvent at important points such as successful authentication: > {code:java} > auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, > request)); > {code} > We will mark the impl as {{@lucene.experimental}} in the first release to > let it settle as people write their own plugin implementations. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-12120) New plugin type AuditLoggerPlugin
[ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jan Høydahl updated SOLR-12120: --- Description: Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time. It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e. {code:java} { "authentication" : { "class" : ... }, "authorization" : { "class" : ... }, "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } } {code} We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication: {code:java} auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); {code} We will mark the impl as {{@lucene.experimental}} in the first release to let it settle as people write their own plugin implementations. was: Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time. It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e. {code} { "authentication" : { "class" : ... }, "authorization" : { "class" : ... }, "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } } {code} We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication: {code:java} auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); {code} We will mark the impl as {{@lucene.experimental}} in the first release to let it settle as people write their own plugin implementations. > New plugin type AuditLoggerPlugin > - > > Key: SOLR-12120 > URL: https://issues.apache.org/jira/browse/SOLR-12120 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: security >Reporter: Jan Høydahl >Assignee: Jan Høydahl >Priority: Major > > Solr needs a well defined plugin point to implement audit logging > functionality, which is independent from whatever {{AuthenticationPlugin}} or > {{AuthorizationPlugin}} are in use at the time. > It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It > could be configured in solr.xml or it could be a third type of plugin defined > in {{security.json}}, i.e. > {code:java} > { > "authentication" : { "class" : ... }, > "authorization" : { "class" : ... }, > "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } > } > {code} > We could then instrument SolrDispatchFilter to the audit plugin with an > AuditEvent at important points such as successful authentication: > {code:java} > auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, > request)); > {code} > We will mark the impl as {{@lucene.experimental}} in the first release to > let it settle as people write their own plugin implementations. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-12120) New plugin type AuditLoggerPlugin
[ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jan Høydahl updated SOLR-12120: --- Description: Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time. It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e. {code} { "authentication" : { "class" : ... }, "authorization" : { "class" : ... }, "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } } {code} We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication: {code:java} auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); {code} We will mark the impl as {{@lucene.experimental}} in the first release to let it settle as people write their own plugin implementations. was: Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time. It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e. {code:java} "authentication" : { "class" : ... } "authorization" : { "class" : ... } "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }{code} We could then instrument SolrDispatchFilter to call {{auditlogger.authenticationFailed(request, response, msg)}} if auth failed and the request is going to be aborted, and likewise HttpSolrCall could call relevant methods when a final autz decision is made, e.g. {{auditlogger.notAuthorized(authCtx, request, response)}}, and if all is OK, it could call {{auditlogger.ok()}} for success logging. If no auditlogger is explicitly configured, we can fallback to a default {{SolrLogAuditLogger}} that logs to standard Solr log, or we could setup log4j to output a new {{logs/audit.log}} file. > New plugin type AuditLoggerPlugin > - > > Key: SOLR-12120 > URL: https://issues.apache.org/jira/browse/SOLR-12120 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: security >Reporter: Jan Høydahl >Assignee: Jan Høydahl >Priority: Major > > Solr needs a well defined plugin point to implement audit logging > functionality, which is independent from whatever {{AuthenticationPlugin}} or > {{AuthorizationPlugin}} are in use at the time. > It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It > could be configured in solr.xml or it could be a third type of plugin defined > in {{security.json}}, i.e. > {code} > { > "authentication" : { "class" : ... }, > "authorization" : { "class" : ... }, > "auditlogging" : { "class" : "x.y.MyAuditLogger", ... } > } > {code} > We could then instrument SolrDispatchFilter to the audit plugin with an > AuditEvent at important points such as successful authentication: > {code:java} > auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, > request)); > {code} > > We will mark the impl as {{@lucene.experimental}} in the first release to let > it settle as people write their own plugin implementations. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org