[
https://issues.apache.org/jira/browse/SOLR-9513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829217#comment-15829217
]
Hrishikesh Gadre commented on SOLR-9513:
----------------------------------------
[~ichattopadhyaya] I think documenting just the HadoopAuthFilter is a good
idea. But instead of deprecating it, I think we should just delete that class
for following reasons,
- This class is not directly interacting with client applications. Hence if
some deployments are using this class, we can just ask them to change the
security.json to point to HadoopAuthFilter (which will provide identical
functionality).
- Deprecating a class has a hugh cost in the long term. e.g. if there are any
API changes - we will still have to update this class. Also we will need to
remember the fact that this class needs to be deleted at some point etc.
If deleting a class is not an option, why can't we spin another RC for 6.4 ?
This functionality has *very little or no* interaction with the rest of the
system. Hence just deleting it before the release seems like the right thing to
do.
CC [~jim.ferenczi]
> Introduce a generic authentication plugin which delegates all functionality
> to Hadoop authentication framework
> --------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-9513
> URL: https://issues.apache.org/jira/browse/SOLR-9513
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Hrishikesh Gadre
> Assignee: Ishan Chattopadhyaya
> Fix For: master (7.0), 6.4
>
> Attachments: SOLR-9513_6x.patch,
> SOLR-9513-deprecate-GenericHadoopAuthPlugin.patch, SOLR-9513.patch
>
>
> Currently Solr kerberos authentication plugin delegates the core logic to
> Hadoop authentication framework. But the configuration parameters required by
> the Hadoop authentication framework are hardcoded in the plugin code itself.
> https://github.com/apache/lucene-solr/blob/5b770b56d012279d334f41e4ef7fe652480fd3cf/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java#L119
> The problem with this approach is that we need to make code changes in Solr
> to expose new capabilities added in Hadoop authentication framework. e.g.
> HADOOP-12082
> We should implement a generic Solr authentication plugin which will accept
> configuration parameters via security.json (in Zookeeper) and delegate them
> to Hadoop authentication framework. This will allow to utilize new features
> in Hadoop without code changes in Solr.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
