[jira] [Commented] (SOLR-12120) New plugin type AuditLoggerPlugin

Fri, 21 Dec 2018 02:22:33 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16726623#comment-16726623
 ] 

Jan Høydahl commented on SOLR-12120:
------------------------------------

Pushed some new commits to [Pull Request 
#342|https://github.com/apache/lucene-solr/pull/342]
 * Addressing more of previous comments, such as test extending 
{{LuceneTestCase}}, see PR for details
 * Now AUTHENTICATED, ANONYMOUS and AUTHORIZED are not logged by default
 * Instead of {{auditIfConfigured(auditLoggerPlugin, auditEvent)}} we now do a 
much more lightweight check on {{shouldLog(eventType)}} before even creating 
the AuditEvent object
 * Configurable {{numThreads}} for the executorService of 
{{AsyncAuditLoggerPlugin}}
 * Catch and log exception from {{auditCallback}} to avoid background thread 
exiting on error

Remaining before first commit
 * Integration test

> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 3h
>  Remaining Estimate: 0h
>
> Solr needs a well defined plugin point to implement audit logging 
> functionality, which is independent from whatever {{AuthenticationPlugin}} or 
> {{AuthorizationPlugin}} are in use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It 
> could be configured in solr.xml or it could be a third type of plugin defined 
> in {{security.json}}, i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an 
> AuditEvent at important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, 
> request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to 
> let it settle as people write their own plugin implementations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to