[jira] [Commented] (TIKA-3725) Add Authorization to Tika Server (Suggest Basic to start off with)

["Nick Burch (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/TIKA-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17525588#comment-17525588 ] 

Nick Burch commented on TIKA-3725:
----------------------------------

Something like OAuth would be pretty different to basic auth, due to the need to do all the redirects. SSL client auth would be different again.

Maybe just focus on basic auth with username and password to start with? If so, I'd lean towards an interface which takes username + password and returns true/false. Then have a single implementation which supports a single username and password, username defaults to Tika and can be changed with ENV variable or config, password always required from ENV variable or config. Supporting a DB of user details (even if only .htpasswd style or like tomcat-users.xml) feels an overkill for v1

That's assuming we can't just find some CXF plugin to do it all for us....

> Add Authorization to Tika Server (Suggest Basic to start off with)
> ------------------------------------------------------------------
>
>                 Key: TIKA-3725
>                 URL: https://issues.apache.org/jira/browse/TIKA-3725
>             Project: Tika
>          Issue Type: New Feature
>          Components: tika-server
>    Affects Versions: 2.3.0
>            Reporter: Dan Coldrick
>            Priority: Minor
>
> I would be good to get some Authentication/Authorization added to TIKA server to be able to add another layer of security around the Tika Server Rest service.
> This could become a rabbit hole with the number of options available around Authentication/Authorization (Oauth, OpenId etc) so suggest as a starter basic Auth is added. 
> How to store user(s)/password suggest looking at how other apache products do the same?  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)