[
https://issues.apache.org/jira/browse/TIKA-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17525588#comment-17525588
]
Nick Burch commented on TIKA-3725:
----------------------------------
Something like OAuth would be pretty different to basic auth, due to the need
to do all the redirects. SSL client auth would be different again.
Maybe just focus on basic auth with username and password to start with? If so,
I'd lean towards an interface which takes username + password and returns
true/false. Then have a single implementation which supports a single username
and password, username defaults to Tika and can be changed with ENV variable or
config, password always required from ENV variable or config. Supporting a DB
of user details (even if only .htpasswd style or like tomcat-users.xml) feels
an overkill for v1
That's assuming we can't just find some CXF plugin to do it all for us....
> Add Authorization to Tika Server (Suggest Basic to start off with)
> ------------------------------------------------------------------
>
> Key: TIKA-3725
> URL: https://issues.apache.org/jira/browse/TIKA-3725
> Project: Tika
> Issue Type: New Feature
> Components: tika-server
> Affects Versions: 2.3.0
> Reporter: Dan Coldrick
> Priority: Minor
>
> I would be good to get some Authentication/Authorization added to TIKA server
> to be able to add another layer of security around the Tika Server Rest
> service.
> This could become a rabbit hole with the number of options available around
> Authentication/Authorization (Oauth, OpenId etc) so suggest as a starter
> basic Auth is added.
> How to store user(s)/password suggest looking at how other apache products do
> the same?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
