Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-9702

Authentication & Authorization based on Jetty security

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.2.1
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      (following up on comments initially posted on SOLR-7275).

      Back in Solr 4 days, user authentication could be handled by Jetty, and some level of authorization could be implemented using request regexp rules. This was explicitly documented in the SolrSecurity page:

      http://wiki.apache.org/solr/SolrSecurity?action=recall&rev=35#Jetty_realm_example

      In particular, authentication could thus be performed against a variety of services implemented in Jetty, such as HashLoginService (mentioned explicitly in the above documentation, tested in production, does work) or possibly JAASLoginService, which in turn would open up the possibility to use a whole range of auth services (in particular LDAP servers).

      I see that the usage of Jetty is now "an implementation detail". Does this mean that the feature listed above is not supported anymore? (This is quite unfortunate IMO, as even just the HashLoginService would be useful to authenticate users against a database of UNIX crypt(3) passwords)

      The new login services that are apparently being reimplemented in Solr itself seem to be much less flexible and limited.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              quinot Thomas Quinot
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: