Package org.apache.solr.security

Class JWTAuthPlugin

    • Constructor Detail

      • JWTAuthPlugin

        public JWTAuthPlugin()
        Initialize plugin

    • Method Detail

      • init

        public void init​(Map<String,​Object> pluginConfig)
        Description copied from class: AuthenticationPlugin
        This is called upon loading up of a plugin, used for setting it up.
        Specified by:
        init in class AuthenticationPlugin
        Parameters:
        pluginConfig - Config parameters, possibly from a ZK source

      • doAuthenticate

        public boolean doAuthenticate​(javax.servlet.ServletRequest servletRequest,
                              javax.servlet.ServletResponse servletResponse,
                              javax.servlet.FilterChain filterChain)
                       throws Exception
        Main authentication method that looks for correct JWT token in the Authorization header
        Specified by:
        doAuthenticate in class AuthenticationPlugin
        Parameters:
        servletRequest - the http request
        servletResponse - the http response
        filterChain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException

      • authenticate

        protected org.apache.solr.security.JWTAuthPlugin.JWTAuthenticationResponse authenticate​(String authorizationHeader)
        Testable authentication method
        Parameters:
        authorizationHeader - the http header "Authentication"
        Returns:
        AuthenticationResponse object

      • edit

        public Map<String,​Object> edit​(Map<String,​Object> latestConf,
                                     List<CommandOperation> commands)
        Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data
        Specified by:
        edit in interface ConfigEditablePlugin
        Parameters:
        latestConf - latest version of config
        commands - the list of command operations to perform

      • generateAuthDataHeader

        protected String generateAuthDataHeader()

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)
        Description copied from class: AuthenticationPlugin
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Overrides:
        interceptInternodeRequest in class AuthenticationPlugin
        Parameters:
        httpRequest - the httpRequest that is about to be sent to another internal Solr node
        httpContext - the context of that request.
        Returns:
        true if this plugin handled authentication for the request, else false

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.eclipse.jetty.client.api.Request request)
        Description copied from class: AuthenticationPlugin
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Overrides:
        interceptInternodeRequest in class AuthenticationPlugin
        Parameters:
        request - the httpRequest that is about to be sent to another internal Solr node
        Returns:
        true if this plugin handled authentication for the request, else false