Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14430

Authorization plugins should check roles from request

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      The AuthorizationContext exposes getUserPrincipal to the plugin, but it does not allow the plugin to interrogate the request for isUserInRole. If we trust the request enough to get a principal from it, then we should trust it enough to ask about roles, as those could have been defined and verified by an authentication plugin.

      This model would be an alternative to the current model where RuleBasedAuthorizationPlugin maintains its own user->role mapping.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mdrob Mike Drob
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: