Details
-
Improvement
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
7.1
-
None
-
None
Description
Solr authorization framework expects request handler to implement PermissionNameProvider interface so that the type of the permission for the request can be extracted. Currently not all request handlers implement PermissionNameProvider, requiring authorization plugin implementation to check this case explicitly and return OK. During code review of SENTRY-1475, this issue was discussed. Since PermissionNameProvider.Name enum provides "ALL" permission type, it should be possible to have every request handler to implement PermissionNameProvider interface and provide "ALL" permission type if no authorization checks are necessary.
The secondary benefit of this work would be that we can review all the request handlers and ensure that we aren't missing authorization support for any request handlers which provide sensitive information.
Attachments
Issue Links
- duplicates
-
-
- Resolved
-
- is related to
-
SOLR-7890 By default require admin rights to access /security.json in ZK
-
- Resolved
-
- is required by
-
-
- Closed
-
- links to
