You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Zhenxu Ke (Jira)" <ji...@apache.org> on 2021/03/26 12:39:00 UTC

[jira] [Created] (SOLR-15296) Provide allowlisting mechanism in the JWT auth plugin to ignore paths like login

Zhenxu Ke created SOLR-15296:
--------------------------------

             Summary: Provide allowlisting mechanism in the JWT auth plugin to ignore paths like login
                 Key: SOLR-15296
                 URL: https://issues.apache.org/jira/browse/SOLR-15296
             Project: Solr
          Issue Type: Wish
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authorization, Plugin system
            Reporter: Zhenxu Ke


I'm recently working (with [~epugh] ) on YASA to make it work under the auth plugins.
 
I saw in the codes that the authenticator allowlists the Admin login path `{{/solr/` explicitly}}, while for YASA, its path must start with `{{/v2`}} , not matching the whitelisted paths and will be intercepted, hence the login page won't be reached and redirected, I also didn't find a allowlisting mechanism in the JWT auth plugin, and [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html] doesn't seem to fit this case either. So I'm wondering if it's possible to provide allowlisting mechanism in the JWT auth plugin, so that users can configure the login paths for plugins like YASA to work?
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org