Package org.apache.solr.security

Class HadoopAuthPlugin

  • All Implemented Interfaces:
    Closeable, AutoCloseable, SolrInfoBean, SolrMetricProducer
    Direct Known Subclasses:
    ConfigurableInternodeAuthHadoopPlugin
    public class HadoopAuthPlugin
extends AuthenticationPlugin
    This class implements a generic plugin which can use authentication schemes exposed by the Hadoop framework. This plugin supports following features - integration with authentication mehcanisms (e.g. kerberos) - Delegation token support - Proxy users (or secure impersonation) support This plugin enables defining configuration parameters required by the undelying Hadoop authentication mechanism. These configuration parameters can either be specified as a Java system property or the default value can be specified as part of the plugin configuration. The proxy users are configured by specifying relevant Hadoop configuration parameters. Please note that the delegation token support must be enabled for using the proxy users support. Note - this class does not support configuring authentication mechanism for Solr internal communication. For this purpose ConfigurableInternodeAuthHadoopPlugin should be used. If this plugin is used in the SolrCloud mode, it will use PKI based authentication mechanism for Solr internal communication.

    • Field Detail

      • PROXY_USER_CONFIGS

        public static final String PROXY_USER_CONFIGS
        A property which configures proxy users for the underlying Hadoop authentication mechanism. This configuration is expressed as a collection of key-value pairs (i.e. property-name : value).
        See Also:
        Constant Field Values

    • Constructor Detail

      • HadoopAuthPlugin

        public HadoopAuthPlugin​(CoreContainer coreContainer)

    • Method Detail

      • init

        public void init​(Map<String,​Object> pluginConfig)
        Description copied from class: AuthenticationPlugin
        This is called upon loading up of a plugin, used for setting it up.
        Specified by:
        init in class AuthenticationPlugin
        Parameters:
        pluginConfig - Config parameters, possibly from a ZK source

      • getInitFilterConfig

        protected javax.servlet.FilterConfig getInitFilterConfig​(Map<String,​Object> pluginConfig)

      • doAuthenticate

        public boolean doAuthenticate​(javax.servlet.ServletRequest request,
                              javax.servlet.ServletResponse response,
                              javax.servlet.FilterChain filterChain)
                       throws Exception
        Description copied from class: AuthenticationPlugin
        This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.
        Specified by:
        doAuthenticate in class AuthenticationPlugin
        Parameters:
        request - the http request
        response - the http response
        filterChain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException