You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/10/09 13:50:00 UTC

[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface

    [ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16643457#comment-16643457 ] 

Jan Høydahl commented on SOLR-7896:
-----------------------------------

See [GitHub Pull Request #465|https://github.com/apache/lucene-solr/pull/465] for my first iteration of my above plan. Features:
 * UI behaves exactly the same if no auth is enabled
 * On first HTTP 401 response from Solr (may come when e.g. attempting to delete a collection), login page shows up
 !login-page.png|width=500!
 * Once logged in, the browser stores HTTP header in session storage and displays who is logged in. Clicking that meny brings you to the login page but with a Logout button:
 !logout.png|width=300!
 * If some other auth plugin than Basic is enabled, you get an error msg
 !unknown_scheme.png|width=500!

Appreciate review comments.

Feel free to check out my branch and test locally. You can enable auth by cmd line
{code:java}
bin/solr auth enable -credentials solr:solr -blockUnknown true{code}
 

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: authentication, login, password
>             Fix For: master (8.0)
>
>         Attachments: dispatchfilter-code.png, login-page.png, logout.png, unknown_scheme.png
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be allowed access from Admin UI when authentication is enabled. For this we need
>  * Some plumbing in Admin UI that allows the UI to detect 401 responses and redirect to login page
>  * Possibility to have multiple login pages depending on auth method and redirect to the correct one
>  * [AngularJS HTTP interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and make it work with Basic Auth.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org