You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2015/07/06 17:22:04 UTC
[jira] [Commented] (SOLR-7755) An API to edit the security params
[ https://issues.apache.org/jira/browse/SOLR-7755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14615159#comment-14615159 ]
Ishan Chattopadhyaya commented on SOLR-7755:
--------------------------------------------
Why does this need to be an endpoint in Solr? Can't all this be a wrapper around the /security.json in ZK and made available as a command line tool similar to zkcli?
The reason I think this shouldn't be an endpoint in Solr is that an admin might want to plan and setup security parameters in a cluster even before starting Solr. Also, authc/authz plugins in an already started up Solr cluster can add watches to the /security.json in ZK to monitor changes made through such a command line tool. That way, this API or "framework" wouldn't need to know what all to expect (i.e. "create-permission" or "add-user" or anything plugin specific).
Another challenge, that comes to mind, with having an endpoint like this: how would we secure this endpoint itself?
Thoughts, [~anshumg]?
> An API to edit the security params
> ----------------------------------
>
> Key: SOLR-7755
> URL: https://issues.apache.org/jira/browse/SOLR-7755
> Project: Solr
> Issue Type: Sub-task
> Components: security
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> example
> {code}
> curl http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{
> "add-user" : {"name" : "tom",
> "role": ["admin","dev"]
> },
> "create-permission" :{"name":"mycoll-update",
> "before" :"some-other-permission",
> "path":"/update/*"
> "role":["dev","admin"]
> }
> }'
> {code}
> Please note that the set of parameters required for a basic ZK based impl will be completely different from that of a Kerberos implementation. However the framework would remain the same. The end point will remain the same, though
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org