You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/11/18 12:45:00 UTC

[jira] [Commented] (SOLR-11623) Every request handler in Solr should implement PermissionNameProvider interface

    [ https://issues.apache.org/jira/browse/SOLR-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445899#comment-17445899 ] 

ASF subversion and git services commented on SOLR-11623:
--------------------------------------------------------

Commit e90f50fb070fc87e8929ba9a67a1499b7d3a3da0 in solr's branch refs/heads/main from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=e90f50f ]

SOLR-11623 Every request handler in Solr implement PermissionNameProvider (#372)

* Make HEALTH_PERM apply to both node and collection-level
* Reqire CONFIG_EDIT_PERM when changing logging level
* Different access level to /security.json
* Require config-read for dump handler only when remote streaming is enabled
* Info-handler needs to delegate permissionName to sub handler
* Metrics permission both on system and collection level
* Add new health handler to UI list
* Admin UI display error on HTTP 403
* Add documentation for health permission, as well as new endpoints protected by metrics-read permission

> Every request handler in Solr should implement PermissionNameProvider interface
> -------------------------------------------------------------------------------
>
>                 Key: SOLR-11623
>                 URL: https://issues.apache.org/jira/browse/SOLR-11623
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 7.1
>            Reporter: Hrishikesh Gadre
>            Assignee: Jan Høydahl
>            Priority: Blocker
>             Fix For: main (9.0)
>
>          Time Spent: 7h
>  Remaining Estimate: 0h
>
> Solr authorization framework expects request handler to implement PermissionNameProvider interface so that the type of the permission for the request can be extracted. Currently not all request handlers implement PermissionNameProvider, requiring authorization plugin implementation to check this case explicitly and return OK. During code review of SENTRY-1475, this issue was discussed. Since  PermissionNameProvider.Name enum provides "ALL" permission type, it should be possible to have every request handler to implement PermissionNameProvider interface and provide "ALL" permission type if no authorization checks are necessary.
> The secondary benefit of this work would be that we can review all the request handlers and ensure that we aren't missing authorization support for any request handlers which provide sensitive information.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org