You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "David Smiley (Jira)" <ji...@apache.org> on 2020/09/28 12:52:00 UTC

[jira] [Commented] (SOLR-10783) Using Hadoop Credential Provider as SSL/TLS store password source

    [ https://issues.apache.org/jira/browse/SOLR-10783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17203204#comment-17203204 ] 

David Smiley commented on SOLR-10783:
-------------------------------------

I noticed this issue modified bin/solr to add all of WEB-INF/lib JARs to the Jetty classpath when SSL options are used.  It's quite a hack to behold for those that understand webapps/servlets.  I think this deserved more discussion.  It appears this is needed because etc/jetty-ssl.xml has a call to {{org.apache.solr.util.configuration.SSLConfigurationsFactory}} which thus must be on Jetty's classpath (server/lib) but Solr doesn't live there.  I see two better options:
(A) add a new Solr code module for code at the Jetty level that would include this SSL thing and anything else (logging stuff?) that ought to exist at that level, plus configure Jetty to expose these classes to the Solr webapp in case Solr needs access as well.
(B) stop pretending Solr is some typical webapp with the classpath separation between server and webapp.  Merge Solr's classpath down into Jetty.  If Jetty insists on a webapp classloader existing, it'd be defunct -- nothing to load directly.

I think the project should choose "B". I filed SOLR-14902.

> Using Hadoop Credential Provider as SSL/TLS store password source
> -----------------------------------------------------------------
>
>                 Key: SOLR-10783
>                 URL: https://issues.apache.org/jira/browse/SOLR-10783
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 7.0
>            Reporter: Mano Kovacs
>            Assignee: Mark Miller
>            Priority: Major
>             Fix For: 7.4, 8.0
>
>         Attachments: SOLR-10783-fix.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch, SOLR-10783.patch
>
>
> As a second iteration of SOLR-10307, I propose support of hadoop credential providers as source of SSL store passwords. 
> Motivation: When SOLR is used in hadoop environment, support of  HCP gives better integration and unified method to pass sensitive credentials to SOLR.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org