[jira] [Updated] (SOLR-7692) Implement BasicAuth based impl for the new Authentication/Authorization APIs

[Noble Paul (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SOLR-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Noble Paul updated SOLR-7692:
-----------------------------
    Description: 
This involves various components
h2. Authentication

A basic auth based authentication filter. This should retrieve the user 
credentials from ZK.  The user name and sha1 hash of password should be stored 
in ZK

sample authentication json 
{code:javascript}
{
  "authentication":{

    "class": "solr.BasicAuthPlugin",
    "users" :{
      "john" :"09fljnklnoiuy98 buygujkjnlk",
      "david":"f678njfgfjnklno iuy9865ty",
      "pete": "87ykjnklndfhjh8 98uyiy98",
       }
  }
}
{code}

h2. authorization plugin

This would store the roles of various users and their privileges in ZK

sample authorization.json

{code:javascript}
{
  "authorization": {
    "class": "solr.ZKAuthorization",
   "user-role" :{
  "john" : ["admin", "guest"]
  "tom" : 'dev'
   }
    "permissions": [
       {"name":"collection-edit",
         "role": "admin" 
       },
       {"name":"coreadmin",
         "role":"admin"
       },
       {"name": "mycoll_update",
        "collection": "mycoll",
        "path":["/update/*"],
        "role": ["guest","admin"]
      }]
    }
  }
}
{code} 

We will also need to provide APIs to create users and assign them roles

  was:
This involves various components
h2. Authentication

A basic auth based authentication filter. This should retrieve the user 
credentials from ZK.  The user name and sha1 hash of password should be stored 
in ZK

sample authentication json 
{code:javascript}
{
  "authentication":{

    "class": "solr.BasicAuthPlugin",
    "users" :{
      "john" :"09fljnklnoiuy98 buygujkjnlk",
      "david":"f678njfgfjnklno iuy9865ty",
      "pete": "87ykjnklndfhjh8 98uyiy98",
       }
  }
}
{code}

h2. authorization plugin

This would store the roles of various users and their privileges in ZK

sample authorization.json

{code:javascript}
{
  "authorization": {
    "class": "solr.ZKAuthorization",
   "roles" :{
  "admin" : ["john"]
  "guest" : ["john", "david","pete"]
   }
    "permissions": {
       "collection-edit": {
         "role": "admin" 
       },
       "coreadmin":{
         "role":"admin"
       },
       "config-edit": {
         //all collections
         "role": "admin",
         "method":"POST"
       },
       "schema-edit": {
         "roles": "admin",
         "method":"POST"
       },
       "update": {
         //all collections
         "role": "dev"
       },
      "mycoll_update": {
        "collection": "mycoll",
        "path":["/update/*"],
        "role": ["somebody"]
      }
    }
  }
}
{code} 

We will also need to provide APIs to create users and assign them roles


> Implement BasicAuth based impl for the new Authentication/Authorization APIs
> ----------------------------------------------------------------------------
>
>                 Key: SOLR-7692
>                 URL: https://issues.apache.org/jira/browse/SOLR-7692
>             Project: Solr
>          Issue Type: New Feature
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Blocker
>             Fix For: 5.3, Trunk
>
>         Attachments: SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, SOLR-7692.patch, 
> SOLR-7757.patch, SOLR-7757.patch, SOLR-7757.patch
>
>
> This involves various components
> h2. Authentication
> A basic auth based authentication filter. This should retrieve the user 
> credentials from ZK.  The user name and sha1 hash of password should be 
> stored in ZK
> sample authentication json 
> {code:javascript}
> {
>   "authentication":{
>     "class": "solr.BasicAuthPlugin",
>     "users" :{
>       "john" :"09fljnklnoiuy98 buygujkjnlk",
>       "david":"f678njfgfjnklno iuy9865ty",
>       "pete": "87ykjnklndfhjh8 98uyiy98",
>        }
>   }
> }
> {code}
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
>   "authorization": {
>     "class": "solr.ZKAuthorization",
>    "user-role" :{
>   "john" : ["admin", "guest"]
>   "tom" : 'dev'
>    }
>     "permissions": [
>        {"name":"collection-edit",
>          "role": "admin" 
>        },
>        {"name":"coreadmin",
>          "role":"admin"
>        },
>        {"name": "mycoll_update",
>         "collection": "mycoll",
>         "path":["/update/*"],
>         "role": ["guest","admin"]
>       }]
>     }
>   }
> }
> {code} 
> We will also need to provide APIs to create users and assign them roles



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org