[jira] [Reopened] (SOLR-12120) New plugin type AuditLoggerPlugin

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Reopened] (SOLR-12120) New plugin type AuditLoggerPlugin

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/SOLR-12120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hoss Man reopened SOLR-12120:

Jan: even after your latest fixes, AuditLoggerIntegrationTest.testAsyncQueueDrain is still failing between 10-15% of it's jenkins runs ...most seem to be on master (but i'm not sure if that's just because we have more jenkins master jobs)

(Note: AuditLoggerIntegrationTest.testAsync is also failing occasionaly, but at a much lower rate)

> New plugin type AuditLoggerPlugin
> ---------------------------------
>                 Key: SOLR-12120
>                 URL: https://issues.apache.org/jira/browse/SOLR-12120
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 8.1
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
> Solr needs a well defined plugin point to implement audit logging functionality, which is independent from whatever {{AuthenticationPlugin}} or {{AuthorizationPlugin}} are in use at the time.
> It seems reasonable to introduce a new plugin type {{AuditLoggerPlugin}}. It could be configured in solr.xml or it could be a third type of plugin defined in {{security.json}}, i.e.
> {code:java}
> {
>   "authentication" : { "class" : ... },
>   "authorization" : { "class" : ... },
>   "auditlogging" : { "class" : "x.y.MyAuditLogger", ... }
> }
> {code}
> We could then instrument SolrDispatchFilter to the audit plugin with an AuditEvent at important points such as successful authentication:
> {code:java}
> auditLoggerPlugin.audit(new SolrAuditEvent(EventType.AUTHENTICATED, request)); 
> {code}
>  We will mark the impl as {{@lucene.experimental}} in the first release to let it settle as people write their own plugin implementations.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]