You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nutch.apache.org by "Lewis John McGibbney (Jira)" <ji...@apache.org> on 2022/01/04 17:05:00 UTC

[jira] [Commented] (NUTCH-2925) Secure the Nutch REST API using Apache Shiro

    [ https://issues.apache.org/jira/browse/NUTCH-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468743#comment-17468743 ] 

Lewis John McGibbney commented on NUTCH-2925:
---------------------------------------------

[~markus17] didn't really like the idea of providing security for the Nutch WebApp. I closed that ticket off due to the deprecation of the 2.x codebase.
I'll see if there is some way I can make the REST API security layer configurable.

> Secure the Nutch REST API using Apache Shiro
> --------------------------------------------
>
>                 Key: NUTCH-2925
>                 URL: https://issues.apache.org/jira/browse/NUTCH-2925
>             Project: Nutch
>          Issue Type: Improvement
>          Components: REST_api, security
>            Reporter: Lewis John McGibbney
>            Assignee: Lewis John McGibbney
>            Priority: Major
>
> We use nutch-helm to provide a convenient mechanism for certain internal stakeholders to interact with Nutch via REST. 
> API security is entirely lacking from the REST API.
> I propose to secure it using the popular [Apache Shiro framework|https://shiro.apache.org/].
> I am using [Protecting JAX-RS Resources with RBAC and Apache Shiro|https://stormpath.com/blog/protecting-jax-rs-resources-rbac-apache-shiro] as a source of guidance.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)