lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hrishikesh Gadre (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-11238) Solr authorization plugin is not able to pass additional params downstream
Date Tue, 24 Oct 2017 21:42:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-11238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16217752#comment-16217752
] 

Hrishikesh Gadre commented on SOLR-11238:
-----------------------------------------

Update - 2 months after posting this patch, I found an alternative to extract username and
associated roles in the search component without requiring this fix.

https://github.com/hgadre/sentry/blob/a4ecc83d3e92c81e61aa5441102a9bcd6e90d421/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/component/QueryDocAuthorizationComponent.java

I think we should close this jira as "Won't fix" since currently there is no use-case which
requires this functionality. 

> Solr authorization plugin is not able to pass additional params downstream
> --------------------------------------------------------------------------
>
>                 Key: SOLR-11238
>                 URL: https://issues.apache.org/jira/browse/SOLR-11238
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 6.6
>            Reporter: Hrishikesh Gadre
>         Attachments: SOLR-11238.patch
>
>
> Authorization checks in Solr are implemented by invoking configured authorization plugin
with AuthorizationContext object. The plugin is expected to return an AuthorizationResponse
object which provides the result (which can be OK/FORBIDDEN/PROMPT).
> In some cases (e.g. document level security implemented in Apache Sentry), it is useful
for the authorization plugin to add (or override) the request parameters sent by the user
(which are represented as SolrParams in [AuthorizationContext| https://github.com/apache/lucene-solr/blob/3cbbecca026eb2a9491fa4a24ecc2c43c26e58bd/solr/core/src/java/org/apache/solr/security/AuthorizationContext.java#L38]).
This jira is to introduce an ability to customize the parameters by the authorization plugin.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message