[jira] [Commented] (SOLR-17659) Implement basic authentication in Admin UI

Sun, 09 Feb 2025 07:40:33 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-17659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17925396#comment-17925396
 ] 

Gus Heck commented on SOLR-17659:
---------------------------------

I also hope that the login stuff is kept simple enough that it rarely changes 
and attackers have difficulty identifying the version of Solr based on it (and 
thus don't know what exploits to focus on).

> Implement basic authentication in Admin UI
> ------------------------------------------
>
>                 Key: SOLR-17659
>                 URL: https://issues.apache.org/jira/browse/SOLR-17659
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI
>            Reporter: Christos Malliaridis
>            Priority: Major
>              Labels: new-ui, ui
>
> In the new UI one of the key features that is not implemented yet is user 
> authentication. In order to secure and securily access Solr, the user should 
> be able to authenticate against a Solr instance with basic credentials.
> h2. Task
> Implement basic user authentication (with credentials) according to the [new 
> designs|https://www.figma.com/design/VdbEfcWQ8mirFNquBzbPk2/Apache-Solr-Admin-UI-v2-Concept?node-id=1190-388&t=vMgOa9QlzQZSdjLf-1].
> h2. Acceptance Criteria
> - The user can access a Solr instance that has user authentication enabled
> - The user can at least authenticate with credentials (basic auth)
> - The credentials form is displayed after the user has established a 
> connection with a Solr instance, that is, after a Solr instance was found
> - The user can return to the start screen where the Solr URL was provided, if 
> he decides to abort the authentication step
> - The user is no longer redirected to the dashboard or any other screen if 
> user authentication is required
> - The credentials are used for any subsequent request
> h2. Additional Information
> The support for additional authentication options does not have to be 
> addressed in this issue. If it proves to be straight-forward, feel free to 
> implement additional auth options as well.
> The credentials do not have to survive an application restart (desktop). 
> Storing credentials securely will be addressed in a separate issue.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to