lucene-solr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Solr Wiki] Trivial Update of "SolrSecurity" by Per Steffensen
Date Wed, 06 Mar 2013 15:28:16 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrSecurity" page has been changed by Per Steffensen:
http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=31&rev2=32

   * ''order'' is the order of this "rule" relative to the other "rules". Unfortunately it
is not enough just to make sure the "rules" are ordered correctly in the web.xml, because
the init-params might not be provided to the filter in that order
   * ''comma-separated-roles'' is a comma separated list of "roles" allowed to access paths
matching ''path-regular-expressoin'' of the same "rule"
   * ''path-regular-expression'' is a regular expression (as understood by java.util.regex.Pattern)
matched against the path of a particular request hitting the filter. 
- RegExpAuthorizationFilter iterates "rules" in the given order, matches the request-path
against its ''path-regular-expression''. If no match continues to next "rule", if match the
next "rule" is never considered. Of no "rules" match the request is allowed to proceed - it
passed authorization so to speak. In case of a match the authenticated user will be matched
against the roles in ''comma-separated-roles'' and only allowed access in case he is in one
of the roles mentioned. In case he is not the filter will return a response with status-code
403 "Unauthorized".
+ RegExpAuthorizationFilter iterates "rules" in the given order, matches the request-path
against its ''path-regular-expression''. If no match continues to next "rule", if match the
next "rule" is never considered. If no "rules" match the request is allowed to proceed - it
passed authorization so to speak. In case of a match the authenticated user will be matched
against the roles in ''comma-separated-roles'' and only allowed access in case he is in one
of the roles mentioned. In case he is not the filter will return a response with status-code
403 "Unauthorized".
  
  === Resin example ===
  

Mime
View raw message