Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2021/08/25 13:06:00 UTC

[jira] [Commented] (SOLR-15296) Provide allowlisting mechanism in the JWT auth plugin to ignore paths like login

    [ https://issues.apache.org/jira/browse/SOLR-15296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17404432#comment-17404432 ] 

Jan Høydahl commented on SOLR-15296:
------------------------------------

This also ties in with the {{blockUnknown}} flag. I believe that if blockUnknown=false, then it is possible to defer to RBAC whether to allow a path or not. But many users want to run with blockUnknown=true, so it has to work there as well.

Please change the title of this Jira to be generic, and not only about JWT.

> Provide allowlisting mechanism in the JWT auth plugin to ignore paths like login
> --------------------------------------------------------------------------------
>
>                 Key: SOLR-15296
>                 URL: https://issues.apache.org/jira/browse/SOLR-15296
>             Project: Solr
>          Issue Type: Wish
>          Components: Authorization, Plugin system
>            Reporter: Zhenxu Ke
>            Assignee: David Eric Pugh
>            Priority: Major
>
> I've recently been working (with [~epugh]) on YASA to make it work under the auth plugins.
>  
> I saw in the code that the authenticator allowlists the Admin login path {{/solr/}} explicitly, while for YASA, its path must start with {{/v2}}, which does not match the whitelisted paths and will be intercepted; hence the login page won't be reached and redirected. I also didn't find an allowlisting mechanism in the JWT auth plugin, and [RBAP|https://nightlies.apache.org/Solr/Solr-reference-guide-main/rule-based-authorization-plugin.html] doesn't seem to fit this case either. So I'm wondering if it's possible to provide an allowlisting mechanism in the JWT auth plugin, so that users can configure the login paths for plugins like YASA to work?
>  


