You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/10/09 13:50:00 UTC
[jira] [Commented] (SOLR-7896) Add a login page for Solr
Administrative Interface
[ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16643457#comment-16643457 ]
Jan Høydahl commented on SOLR-7896:
-----------------------------------
See [GitHub Pull Request #465|https://github.com/apache/lucene-solr/pull/465] for my first iteration of my above plan. Features:
* UI behaves exactly the same if no auth is enabled
* On first HTTP 401 response from Solr (may come when e.g. attempting to delete a collection), login page shows up
!login-page.png|width=500!
* Once logged in, the browser stores HTTP header in session storage and displays who is logged in. Clicking that meny brings you to the login page but with a Logout button:
!logout.png|width=300!
* If some other auth plugin than Basic is enabled, you get an error msg
!unknown_scheme.png|width=500!
Appreciate review comments.
Feel free to check out my branch and test locally. You can enable auth by cmd line
{code:java}
bin/solr auth enable -credentials solr:solr -blockUnknown true{code}
> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
> Key: SOLR-7896
> URL: https://issues.apache.org/jira/browse/SOLR-7896
> Project: Solr
> Issue Type: New Feature
> Components: Admin UI, security
> Affects Versions: 5.2.1
> Reporter: Aaron Greenspan
> Assignee: Jan Høydahl
> Priority: Major
> Labels: authentication, login, password
> Fix For: master (8.0)
>
> Attachments: dispatchfilter-code.png, login-page.png, logout.png, unknown_scheme.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be allowed access from Admin UI when authentication is enabled. For this we need
> * Some plumbing in Admin UI that allows the UI to detect 401 responses and redirect to login page
> * Possibility to have multiple login pages depending on auth method and redirect to the correct one
> * [AngularJS HTTP interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and make it work with Basic Auth.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org