lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-12120) New plugin type AuditLoggerPlugin
Date Fri, 23 Mar 2018 11:50:00 GMT


Jan Høydahl commented on SOLR-12120:

Github pull request #342 ready for comments.

[~hgadre] can you have a look and consider whether your Audit logger plugin would be possible
to realise with this API? I made it asynchronous so you can call {{auditLoggerPlugin.auditAsync(event);}}
and continue the request immediately, while the audit framework processes the events on queue
with a background thread. Very simple but powerful concept.

I'm particularly looking for feedback for what other EventTypes we should have, and where
else in the code should do logging. I was considering passing the auditLogger to Auth plugins
so they can log wherever it seems fit, but currently I let DispatcherFilter and SolrCall do
all the logging based on what they got back from Auth/Autz. I feel that is a better solution,
and instead instrument AuthResponse to capture more fine-grained types.

> New plugin type AuditLoggerPlugin
> ---------------------------------
>                 Key: SOLR-12120
>                 URL:
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
> Solr needs a well defined plugin point to implement audit logging functionality, which
is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in
use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be
configured in solr.xml or it could be a third type of plugin defined in {{security.json}},
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at
important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to let it settle
as people write their own plugin implementations.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message