You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Hrishikesh Gadre (JIRA)" <ji...@apache.org> on 2017/11/08 17:58:00 UTC

[jira] [Created] (SOLR-11623) Every request handler in Solr should implement PermissionNameProvider interface

Hrishikesh Gadre created SOLR-11623:
---------------------------------------

             Summary: Every request handler in Solr should implement PermissionNameProvider interface
                 Key: SOLR-11623
                 URL: https://issues.apache.org/jira/browse/SOLR-11623
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
    Affects Versions: 7.1
            Reporter: Hrishikesh Gadre


Solr authorization framework expects request handler to implement PermissionNameProvider interface so that the type of the permission for the request can be extracted. Currently not all request handlers implement PermissionNameProvider, requiring authorization plugin implementation to check this case explicitly and return OK. During code review of SENTRY-1475, this issue was discussed. Since  PermissionNameProvider.Name enum provides "ALL" permission type, it should be possible to have every request handler to implement PermissionNameProvider interface and provide "ALL" permission type if no authorization checks are necessary.

The secondary benefit of this work would be that we can review all the request handlers and ensure that we aren't missing authorization support for any request handlers which provide sensitive information.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org