lucene-solr-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Solr Wiki] Trivial Update of "SolrSecurity" by Per Steffensen
Date Wed, 06 Mar 2013 15:26:48 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrSecurity" page has been changed by Per Steffensen:
http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=30&rev2=31

  {{{
  <filter>
    <filter-name>RegExpAuthorizationFilter</filter-name>
-   <filter-class>org.apache.solr.servlet..security.RegExpAuthorizationFilter</filter-class>
+   <filter-class>org.apache.solr.servlet.security.RegExpAuthorizationFilter</filter-class>
    <init-param>
      <param-name>search-constraint</param-name>
      <param-value>1|update-role,admin-role|^.*/update$</param-value>
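Review bot: the `<param-name>` in the context lines is `search-constraint`, but its value `1|update-role,admin-role|^.*/update$` restricts the update path to the update and admin roles. Since this edit already touches the example, rename the param to something like `update-constraint` so that copied configurations are not mislabeled. The pattern is also anchored with `$`, so only request paths ending exactly in `/update` fall under this rule; the example should say so.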
@@ -249, +249 @@

  The RegExpAuthorizationFilter verifies authorization by matching paths against patterns
- but support regular expression patterns. The patterns and corresponding "allowed roles"
are provided to RegExpAuthorizationFilter using init-params. You provide an init-param for
every "rule" you want to set up. Each init-param has to have a value on the from "<order>|<comma-separated-roles>|<path-regular-expression>"
where
   * ''order'' is the order of this "rule" relative to the other "rules". Unfortunately it
is not enough just to make sure the "rules" are ordered correctly in the web.xml, because
the init-params might not be provided to the filter in that order
   * ''comma-separated-roles'' is a comma separated list of "roles" allowed to access paths
matching ''path-regular-expressoin'' of the same "rule"
+  * ''path-regular-expression'' is a regular expression (as understood by java.util.regex.Pattern)
matched against the path of a particular request hitting the filter. 
-  * ''path-regular-expression'' is a regular expression (as understood by java.util.regex.Pattern)
matched against the path of a particular request hitting the filter. RegExpAuthorizationFilter
iterates "rules" in the given order, matches the request-path against its ''path-regular-expression''.
If no match continues to next "rule", if match the next "rule" is never considered. Of no
"rules" match the request is allowed to proceed - it passed authorization so to speak. In
case of a match the authenticated user will be matched against the roles in ''comma-separated-roles''
and only allowed access in case he is in one of the roles mentioned. In case he is not the
filter will return a response with status-code 403 "Unauthorized".
+ RegExpAuthorizationFilter iterates "rules" in the given order, matches the request-path
against its ''path-regular-expression''. If no match continues to next "rule", if match the
next "rule" is never considered. Of no "rules" match the request is allowed to proceed - it
passed authorization so to speak. In case of a match the authenticated user will be matched
against the roles in ''comma-separated-roles'' and only allowed access in case he is in one
of the roles mentioned. In case he is not the filter will return a response with status-code
403 "Unauthorized".
  
  === Resin example ===
  
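Review bot: the re-added paragraph still reads 'Of no "rules" match the request is allowed to proceed', which makes the filter fail-open for every path that no pattern covers. The text should state that explicitly and recommend a last-order catch-all rule for deployments that want default-deny. While the paragraph is being moved, the wording it carries over should be fixed as well: "Of no" should be "If no", "on the from" should be "of the form", ''path-regular-expressoin'' is misspelled, and HTTP status 403 is "Forbidden" (401 is "Unauthorized").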
