Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/04/13 22:41:00 UTC

[jira] [Commented] (SOLR-12120) New plugin type AuditLoggerPlugin

    [ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16438027#comment-16438027 ] 

Jan Høydahl commented on SOLR-12120:
------------------------------------

I also added a new EventType {{COMPLETED}} which is logged when a search is completed (or failed).

Agree that what types you want to log will vary. We could leave it up to concrete implementations, but probably the framework should aid with some configuration options that make it possible to log only some types, or to avoid firing the AUTHENTICATED event if the call continues etc.

I've also added support for multiple loggers being called in a chain. So far that is done with a MultiLogger impl that takes a list of other loggers in the config. But I wonder if perhaps we should also support a JSON array notation natively?:
{code:javascript}
"auditlogging" : [
  { "class" : "solr.Audit1", ... },
  { "class" : "solr.Audit2", ... }
]
{code}

> New plugin type AuditLoggerPlugin
> ---------------------------------
>
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to let it settle as people write their own plugin implementations.



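
An added sketch, not part of the original message and not Solr's code, of the two ideas raised in the comment: a MultiLogger that calls several loggers in a chain, and per-logger filtering by event type. All type and method names are hypothetical; only the event names AUTHENTICATED and COMPLETED come from the thread, and the sample events are constructed.

```java
import java.util.*;

// Hypothetical sketch: none of these types are Solr's API.
public class AuditChainDemo {
  enum EventType { AUTHENTICATED, COMPLETED }

  record AuditEvent(EventType type, String user, String resource) {}

  interface AuditLogger { void audit(AuditEvent event) throws Exception; }

  // Wraps a logger so that it only receives the configured event types.
  static AuditLogger onlyTypes(Set<EventType> types, AuditLogger delegate) {
    return e -> { if (types.contains(e.type())) delegate.audit(e); };
  }

  // Calls every logger in order; one failing sink must not silence the rest,
  // and the failure itself is recorded instead of being swallowed.
  static class MultiLogger implements AuditLogger {
    private final List<AuditLogger> chain;
    final List<String> failures = new ArrayList<>();

    MultiLogger(List<AuditLogger> chain) { this.chain = List.copyOf(chain); }

    @Override public void audit(AuditEvent event) {
      for (AuditLogger logger : chain) {
        try {
          logger.audit(event);
        } catch (Exception ex) {
          failures.add(event.type() + ": " + ex.getMessage());
        }
      }
    }
  }

  public static void main(String[] args) {
    List<String> sinkA = new ArrayList<>(), sinkB = new ArrayList<>();
    AuditLogger all = e -> sinkA.add(e.toString());
    AuditLogger broken = e -> { throw new IllegalStateException("sink down"); };
    AuditLogger completedOnly =
        onlyTypes(EnumSet.of(EventType.COMPLETED), e -> sinkB.add(e.toString()));

    MultiLogger multi = new MultiLogger(List.of(all, broken, completedOnly));
    // Constructed sample events.
    multi.audit(new AuditEvent(EventType.AUTHENTICATED, "alice", "/select"));
    multi.audit(new AuditEvent(EventType.COMPLETED, "alice", "/select"));

    System.out.println("sinkA=" + sinkA.size() + " sinkB=" + sinkB.size()
        + " failures=" + multi.failures);
  }
}
```

Placing the broken sink in the middle of the chain shows that the loggers after it still receive events, which is the property an audit trail needs from a chained design.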