Package org.apache.solr.security

Class RuleBasedAuthorizationPluginBase

java.lang.Object
org.apache.solr.security.RuleBasedAuthorizationPluginBase
All Implemented Interfaces:
Closeable, AutoCloseable, org.apache.solr.common.SpecProvider, AuthorizationPlugin, ConfigEditablePlugin
Direct Known Subclasses:
ExternalRoleRuleBasedAuthorizationPlugin, MultiAuthRuleBasedAuthorizationPlugin, RuleBasedAuthorizationPlugin
public abstract class RuleBasedAuthorizationPluginBase extends Object implements AuthorizationPlugin, ConfigEditablePlugin, org.apache.solr.common.SpecProvider
Base class for rule based authorization plugins

  • Constructor Details

    • RuleBasedAuthorizationPluginBase

      public RuleBasedAuthorizationPluginBase()

  • Method Details

    • authorize

      public AuthorizationResponse authorize(AuthorizationContext context)
      Specified by:
      authorize in interface AuthorizationPlugin

    • getPermissionNamesForRoles

      public Set<String> getPermissionNamesForRoles(Collection<String> roles)
      Retrieves permission names for a given set of roles.

      There are two special role names that can be used in the roles list:

      • null meaning permission granted for all requests, even without a role
      • "*" meaning any role will grant the permission
      In order to obtain all permissions a user has based on the user's roles, you also need to include these two special roles to get the full list.
      Parameters:
      roles - a collection of role names.

    • doesUserHavePermission

      public boolean doesUserHavePermission(Principal principal, PermissionNameProvider.Name permission)

    • init

      public void init(Map<String,Object> initInfo)
      Specified by:
      init in interface AuthorizationPlugin

    • getUserRoles

      public Set<String> getUserRoles(AuthorizationContext context)
      Finds user roles
      Parameters:
      context - the authorization context to load roles from
      Returns:
      set of roles as strings or empty set if no roles are found

    • getUserRoles

      public abstract Set<String> getUserRoles(Principal principal)
      Finds users roles
      Parameters:
      principal - the user Principal to fetch roles for
      Returns:
      set of roles as strings or empty set if no roles found

    • close

      public void close() throws IOException
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Throws:
      IOException

    • edit

      public Map<String,Object> edit(Map<String,Object> latestConf, List<org.apache.solr.common.util.CommandOperation> commands)
      Description copied from interface: ConfigEditablePlugin
      Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data
      Specified by:
      edit in interface ConfigEditablePlugin

    • getSpec

      public org.apache.solr.common.util.ValidatingJsonMap getSpec()
      Specified by:
      getSpec in interface org.apache.solr.common.SpecProvider