[SENTRY-115] Give bindings the ability to access the group mappings - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.4.0
Component/s: None
Labels:
None

Description

This is a use case for document-level security with solr.

In this setup, the solr document itself would store the authorization tokens, rather than having them stored directly in sentry. It wouldn't be feasible to store them directly in sentry, as there could be million of documents, and storing them in say, an .ini file would be expensive and slow.

Instead, the sentry binding would grab the groups associated with the user, and modify the user's query in order to only return documents that contain (at least one) of the user's groups in the auth tokens.

Today, there is no way for the binding layer to access the mapping service; the group mapping happens "behind the scenes" when hasAccess is called. The simplest way of providing this functionality is probably to add a function to get the GroupMappingService from the AuthorizationProvider.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-115.4.patch
12/Feb/14 23:55
14 kB
Brock Noland
SENTRY-115v4.patch
12/Feb/14 23:49
14 kB
Gregory Chanan
SENTRY-115v2.patch
10/Feb/14 19:26
5 kB
Gregory Chanan

Activity

People

Assignee:: Gregory Chanan

Reporter:: Gregory Chanan

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/Feb/14 01:34

Updated:: 13/Feb/14 16:28

Resolved:: 13/Feb/14 16:22