[SOLR-7890] By default require admin rights to access /security.json in ZK - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

Perhaps VMParamsAllAndReadonlyDigestZkACLProvider should by default require admin access for read/write of /security.json, and other sensitive paths. Today this is left to the user to implement.

Also, perhaps factor out the already-known sensitive paths into a separate class, so that various ACLProvider implementations can get a list of paths that should be admin-only, read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere will still do the right thing in the future if we introduce other sensitive Znodes...

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-7890.patch
21/Aug/15 13:04
15 kB
Jan Høydahl

Issue Links

is duplicated by

SOLR-10100 Hiding credentials from security.json when retrieving through /admin/zookeeper

Resolved

relates to

SOLR-11623 Every request handler in Solr should implement PermissionNameProvider interface

Closed

requires

SOLR-4580 Support for protecting content in ZK

Closed

Activity

People

Assignee:: Jan Høydahl

Reporter:: Jan Høydahl

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Aug/15 00:12

Updated:: 02/Dec/21 22:35

Resolved:: 02/Dec/21 22:35