Package org.apache.solr.security

Class AllowListUrlChecker

java.lang.Object

org.apache.solr.security.AllowListUrlChecker

public class AllowListUrlChecker
extends Object

Validates URLs using an allow-list or a ClusterState in SolrCloud.

Field Summary

Fields

Modifier and Type	Field	Description
static final AllowListUrlChecker	ALLOW_ALL	Singleton checker which allows all URLs.
static final String	ENABLE_URL_ALLOW_LIST	System property to enable URL checking against an allow-list and ignore ALLOW_ALL.
static final String	SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE	Clue given in URL-forbidden exceptions messages.
static final String	URL_ALLOW_LIST	SolrXmlConfig property to configure the allowed URLs.

Constructor Summary

Constructors

Constructor	Description
AllowListUrlChecker(List<String> urlAllowList)

Method Summary

Modifier and Type	Method	Description
void	checkAllowList(List<String> urls)
void	checkAllowList(List<String> urls, org.apache.solr.common.cloud.ClusterState clusterState)	Checks that the given URLs are present in the configured allow-list or in the provided ClusterState (in case of cloud mode).
static AllowListUrlChecker	create(NodeConfig config)	Creates a URL checker based on the NodeConfig property to configure the allowed URLs.
Set<String>	getHostAllowList()	Only for testing.
boolean	hasExplicitAllowList()	Whether this checker has been created with a non-empty allow-list of URLs.
boolean	isEnabled()	Whether the URL checking is enabled.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

URL_ALLOW_LIST

public static final String URL_ALLOW_LIST

SolrXmlConfig property to configure the allowed URLs.

See Also:

• Constant Field Values

ENABLE_URL_ALLOW_LIST

public static final String ENABLE_URL_ALLOW_LIST

System property to enable URL checking against an allow-list and ignore ALLOW_ALL.

See Also:

• Constant Field Values

SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE

public static final String SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE

Clue given in URL-forbidden exceptions messages.

See Also:

• Constant Field Values

ALLOW_ALL

public static final AllowListUrlChecker ALLOW_ALL

Singleton checker which allows all URLs. isEnabled() returns false.

Constructor Details

AllowListUrlChecker

public AllowListUrlChecker(List<String> urlAllowList)
                    throws MalformedURLException

Parameters:

urlAllowList - List of allowed URLs. URLs must be well-formed, missing protocol is tolerated. An empty list means there is no explicit allow-list of URLs, in this case no URL is allowed unless a ClusterState is provided in checkAllowList(List, ClusterState).

Throws:

MalformedURLException - If a URL is invalid.

Method Details

create

public static AllowListUrlChecker create(NodeConfig config)

Creates a URL checker based on the NodeConfig property to configure the allowed URLs.

checkAllowList

public void checkAllowList(List<String> urls)
                    throws MalformedURLException

Throws:

MalformedURLException

See Also:

• checkAllowList(List, ClusterState)

checkAllowList

public void checkAllowList(List<String> urls,
 org.apache.solr.common.cloud.ClusterState clusterState)
                    throws MalformedURLException

Checks that the given URLs are present in the configured allow-list or in the provided ClusterState (in case of cloud mode).

Parameters:

urls - The list of urls to check.

clusterState - The up to date ClusterState, can be null in case of non-cloud mode.

Throws:

MalformedURLException - If a URL is invalid.

org.apache.solr.common.SolrException - If a URL is not present in the allow-list or in the provided ClusterState.

hasExplicitAllowList

public boolean hasExplicitAllowList()

Whether this checker has been created with a non-empty allow-list of URLs.

isEnabled

public boolean isEnabled()

Whether the URL checking is enabled. Only ALLOW_ALL returns false.

getHostAllowList

public Set<String> getHostAllowList()

Only for testing.

toString

public String toString()

Overrides:

toString in class Object