Package org.apache.solr.security

Class AuthenticationPlugin

    • Field Detail

      • registryName

        protected String registryName

      • numErrors

        protected com.codahale.metrics.Meter numErrors

      • requests

        protected com.codahale.metrics.Counter requests

      • requestTimes

        protected com.codahale.metrics.Timer requestTimes

      • totalTime

        protected com.codahale.metrics.Counter totalTime

      • numAuthenticated

        protected com.codahale.metrics.Counter numAuthenticated

      • numPassThrough

        protected com.codahale.metrics.Counter numPassThrough

      • numWrongCredentials

        protected com.codahale.metrics.Counter numWrongCredentials

      • numMissingCredentials

        protected com.codahale.metrics.Counter numMissingCredentials

    • Constructor Detail

      • AuthenticationPlugin

        public AuthenticationPlugin()

    • Method Detail

      • init

        public abstract void init​(Map<String,​Object> pluginConfig)
        This is called upon loading up of a plugin, used for setting it up.
        Parameters:
        pluginConfig - Config parameters, possibly from a ZK source

      • doAuthenticate

        public abstract boolean doAuthenticate​(javax.servlet.ServletRequest request,
                                       javax.servlet.ServletResponse response,
                                       javax.servlet.FilterChain filterChain)
                                throws Exception
        This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.
        Parameters:
        request - the http request
        response - the http response
        filterChain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException

      • authenticate

        public final boolean authenticate​(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  javax.servlet.FilterChain filterChain)
                           throws Exception
        This method is called by SolrDispatchFilter in order to initiate authentication. It does some standard metrics counting.
        Throws:
        Exception

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Parameters:
        httpRequest - the httpRequest that is about to be sent to another internal Solr node
        httpContext - the context of that request.
        Returns:
        true if this plugin handled authentication for the request, else false

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.eclipse.jetty.client.api.Request request)
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Parameters:
        request - the httpRequest that is about to be sent to another internal Solr node
        Returns:
        true if this plugin handled authentication for the request, else false

      • closeRequest

        public void closeRequest()
        Cleanup any per request data

      • getName

        public String getName()
        Description copied from interface: SolrInfoBean
        Simple common usage name, e.g. BasicQueryHandler, or fully qualified class name.
        Specified by:
        getName in interface SolrInfoBean

      • getMetricNames

        public Set<String> getMetricNames()
        Description copied from interface: SolrInfoBean
        Modifiable set of metric names that this component reports (default is null, which means none). If not null then this set is used by SolrInfoBean.registerMetricName(String) to capture what metrics names are reported from this component.

        NOTE: this set has to allow iteration under modifications.

        Specified by:
        getMetricNames in interface SolrInfoBean

      • getMetricRegistry

        public com.codahale.metrics.MetricRegistry getMetricRegistry()
        Description copied from interface: SolrInfoBean
        An instance of MetricRegistry that this component uses for metrics reporting (default is null, which means no registry).
        Specified by:
        getMetricRegistry in interface SolrInfoBean