[jira] [Commented] (SOLR-7692) Implement BasicAuth based impl for the new Authentication/Authorization APIs

Tue, 28 Jul 2015 03:59:01 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644236#comment-14644236
 ] 

Ishan Chattopadhyaya commented on SOLR-7692:
--------------------------------------------

bq. Let's separate out the authentication and authorization patches into 
different issues. As they are orthogonal, we should commit them separately.

+1. However, although I agree that we should separate out the authc and authz 
parts into different issues, the current integration test 
(BasicAuthIntegrationTest) would need to be rewritten as it is using both the 
plugins together. 

> Implement BasicAuth based impl for the new Authentication/Authorization APIs
> ----------------------------------------------------------------------------
>
>                 Key: SOLR-7692
>                 URL: https://issues.apache.org/jira/browse/SOLR-7692
>             Project: Solr
>          Issue Type: New Feature
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>         Attachments: SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7757.patch, SOLR-7757.patch, SOLR-7757.patch
>
>
> This involves various components
> h2. Authentication
> A basic auth based authentication filter. This should retrieve the user 
> credentials from ZK.  The user name and sha1 hash of password should be 
> stored in ZK
> sample authentication json 
> {code:javascript}
> {
>   "authentication":{
>     "class": "solr.BasicAuthPlugin",
>     "users" :{
>       "john" :"09fljnklnoiuy98 buygujkjnlk",
>       "david":"f678njfgfjnklno iuy9865ty",
>       "pete": "87ykjnklndfhjh8 98uyiy98",
>        }
>   }
> }
> {code}
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
>   "authorization": {
>     "class": "solr.ZKAuthorization",
>    "roles" :{
>   "admin" : ["john"]
>   "guest" : ["john", "david","pete"]
>    }
>     "permissions": {
>        "collection-edit": {
>          "role": "admin" 
>        },
>        "coreadmin":{
>          "role":"admin"
>        },
>        "config-edit": {
>          //all collections
>          "role": "admin",
>          "method":"POST"
>        },
>        "schema-edit": {
>          "roles": "admin",
>          "method":"POST"
>        },
>        "update": {
>          //all collections
>          "role": "dev"
>        },
>       "mycoll_update": {
>         "collection": "mycoll",
>         "path":["/update/*"],
>         "role": ["somebody"]
>       }
>     }
>   }
> }
> {code} 
> We will also need to provide APIs to create users and assign them roles



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to