You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jason Gerlowski (JIRA)" <ji...@apache.org> on 2019/07/15 19:59:00 UTC

[jira] [Updated] (SOLR-13638) Add verbose debug/trace logging to RuleBasedAuthorizationPlugin

     [ https://issues.apache.org/jira/browse/SOLR-13638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Gerlowski updated SOLR-13638:
-----------------------------------
    Attachment: SOLR-13638.patch
        Status: Open  (was: Open)

I've attached a patch with some logging that I've found useful in the past.
* at 'debug' level, administrators get information about which rule-group is being checked currently (admin rules, rules for the specific collection, rules for all ("*") collections, etc.), which rule is eventually chosen to govern the request, and the result.
* at 'trace' level, administrators see the list of rules belonging to each group, and an explanation of why each rule does or doesn't match the given request.

Right now to get this logging, Solr administrators would have to bump the log-level for org.apache.solr.security.RuleBasedAuthorizationPlugin to debug or trace.  This is fine in test and development clusters, but in busy clusters handling a lot of requests this might produce tons of noise.  Another idea I was toying with was introducing a {{debugAuth=true}} query-parameter flag that users could include on their request to trigger this additional logging.  It's a little hacky, but it would make it easier to isolate the debug information for a single given request.  I'll probably steer clear of it, unless anyone particularly likes the idea.

> Add verbose debug/trace logging to RuleBasedAuthorizationPlugin
> ---------------------------------------------------------------
>
>                 Key: SOLR-13638
>                 URL: https://issues.apache.org/jira/browse/SOLR-13638
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: master (9.0)
>            Reporter: Jason Gerlowski
>            Assignee: Jason Gerlowski
>            Priority: Minor
>         Attachments: SOLR-13638.patch
>
>
> Every so often I find myself trying to understand why the {{RuleBasedAuthorizationPlugin}} rules in my security.json produce the results they do.  This would be much easier to troubleshoot if the class had logging (either under DEBUG, or TRACE) that was verbose enough to figure out what order rules were checked in, and why particular rules didn't match a given request.
> This jira covers adding logging that can help administrators better understand issues with their security.json.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org