You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Noble Paul (JIRA)" <ji...@apache.org> on 2015/06/25 15:36:04 UTC
[jira] [Updated] (SOLR-7692) Implement BasicAuth based impl for the
new Authentication/Authorization APIs
[ https://issues.apache.org/jira/browse/SOLR-7692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-7692:
-----------------------------
Description:
This involves various components
h2. Authentication
A basic auth based authentication filter. This should retrieve the user credentials from ZK. The user name and sha1 hash of password should be stored in ZK
sample authentication json
{code:javascript}
{
"authentication":{
"class": "solr.BasicAuth",
"users" :{
"john" :{"09fljnklnoiuy98",
"david":"f678njfgfjnklnoiuy9865ty",
"pete": "87ykjnklndfhjh898uyiy98",
}
}
}
{code}
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
"authorization": {
"class": "solr.ZKAuthorization",
"roles" :{
"admin" : ["john"]
"guest" : ["john", "david","pete"]
}
"permissions": {
"collectionadmin": {
"roles": ["admin"]
},
"coreadmin":{
"roles":["admin"]
},
"config-api": {
//all collections
"roles": ["admin"]
},
"schema-api": {
"roles": ["admin"]
},
"update": {
//all collections
"roles": null
},
"query":{
"roles":null
},
"mycoll_update": {
"collection": "mycoll",
"path":["/update/*"],
"roles": ["somebody"]//create a dir called /keys/somebody and put in usr.pwd files
}
}
}
}
{code}
We will also need to provide APIs to create users and assign them roles
was:
This involves various components
h2. Authentication
A basic auth based authentication filter. This should retrieve the user credentials from ZK. The user name and sha1 hash of password should be stored in ZK
sample authentication json
{code:javascript}
{
"authentication":{
"class": "solr.BasicAuth",
"users" :{
"john" :{
"pwd":"09fljnklnoiuy98",
"role":["admin", "guest"]
},
"david":{
"pwd":"f678njfgfjnklnoiuy9865ty",
"role":["guest"]
},
"pete": {
"pwd":"87ykjnklndfhjh898uyiy98",
"role":["guest"]
}
}
}
}
{code}
h2. authorization plugin
This would store the roles of various users and their privileges in ZK
sample authorization.json
{code:javascript}
{
"authorization": {
"class": "solr.ZKAuthorization",
"permissions": {
"collectionadmin": {
"roles": ["admin"]
},
"coreadmin":{
"roles":["admin"]
},
"config-api": {
//all collections
"roles": ["admin"]
},
"schema-api": {
"roles": ["admin"]
},
"update": {
//all collections
"roles": null
},
"query":{
"roles":null
},
"mycoll_update": {
"collection": "mycoll",
"path":["/update/*"],
"roles": ["somebody"]//create a dir called /keys/somebody and put in usr.pwd files
}
}
}
}
{code}
We will also need to provide APIs to create users and assign them roles
> Implement BasicAuth based impl for the new Authentication/Authorization APIs
> ----------------------------------------------------------------------------
>
> Key: SOLR-7692
> URL: https://issues.apache.org/jira/browse/SOLR-7692
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
>
> This involves various components
> h2. Authentication
> A basic auth based authentication filter. This should retrieve the user credentials from ZK. The user name and sha1 hash of password should be stored in ZK
> sample authentication json
> {code:javascript}
> {
> "authentication":{
> "class": "solr.BasicAuth",
> "users" :{
> "john" :{"09fljnklnoiuy98",
> "david":"f678njfgfjnklnoiuy9865ty",
> "pete": "87ykjnklndfhjh898uyiy98",
> }
> }
> }
> {code}
> h2. authorization plugin
> This would store the roles of various users and their privileges in ZK
> sample authorization.json
> {code:javascript}
> {
> "authorization": {
> "class": "solr.ZKAuthorization",
> "roles" :{
> "admin" : ["john"]
> "guest" : ["john", "david","pete"]
> }
> "permissions": {
> "collectionadmin": {
> "roles": ["admin"]
> },
> "coreadmin":{
> "roles":["admin"]
> },
> "config-api": {
> //all collections
> "roles": ["admin"]
> },
> "schema-api": {
> "roles": ["admin"]
> },
> "update": {
> //all collections
> "roles": null
> },
> "query":{
> "roles":null
> },
> "mycoll_update": {
> "collection": "mycoll",
> "path":["/update/*"],
> "roles": ["somebody"]//create a dir called /keys/somebody and put in usr.pwd files
> }
> }
> }
> }
> {code}
> We will also need to provide APIs to create users and assign them roles
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org