public class JWTAuthPlugin extends AuthenticationPlugin implements SpecProvider, ConfigEditablePlugin
SolrInfoBean.Category, SolrInfoBean.Group
AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime
Constructor and Description |
---|
JWTAuthPlugin()
Initialize plugin
|
Modifier and Type | Method and Description |
---|---|
protected org.apache.solr.security.JWTAuthPlugin.JWTAuthenticationResponse |
authenticate(String authorizationHeader)
Testable authentication method
|
void |
close()
Implementations should always call
SolrMetricProducer.super.close() to ensure that
metrics with the same life-cycle as this component are properly unregistered. |
boolean |
doAuthenticate(javax.servlet.ServletRequest servletRequest,
javax.servlet.ServletResponse servletResponse,
javax.servlet.FilterChain filterChain)
Main authentication method that looks for correct JWT token in the Authorization header
|
Map<String,Object> |
edit(Map<String,Object> latestConf,
List<CommandOperation> commands)
Operate the commands on the latest conf and return a new conf object
If there are errors in the commands , throw a SolrException.
|
protected String |
generateAuthDataHeader() |
JWTIssuerConfig |
getIssuerConfigByName(String name)
Lookup issuer config by its name
|
List<JWTIssuerConfig> |
getIssuerConfigs() |
ValidatingJsonMap |
getSpec() |
void |
init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.
|
protected boolean |
interceptInternodeRequest(org.apache.http.HttpRequest httpRequest,
org.apache.http.protocol.HttpContext httpContext)
Override this method to intercept internode requests.
|
protected boolean |
interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
Override this method to intercept internode requests.
|
authenticate, closeRequest, getCategory, getDescription, getMetricNames, getName, getSolrMetricsContext, initializeMetrics
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getMetricRegistry, getMetricsSnapshot, registerMetricName
getUniqueMetricTag, initializeMetrics
public void init(Map<String,Object> pluginConfig)
AuthenticationPlugin
init
in class AuthenticationPlugin
pluginConfig
- Config parameters, possibly from a ZK sourcepublic boolean doAuthenticate(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) throws Exception
doAuthenticate
in class AuthenticationPlugin
servletRequest
- the http requestservletResponse
- the http responsefilterChain
- the servlet filter chainException
- any exception thrown during the authentication, e.g. PrivilegedActionExceptionprotected org.apache.solr.security.JWTAuthPlugin.JWTAuthenticationResponse authenticate(String authorizationHeader)
authorizationHeader
- the http header "Authentication"public void close() throws IOException
SolrMetricProducer
SolrMetricProducer.super.close()
to ensure that
metrics with the same life-cycle as this component are properly unregistered. This prevents
obscure memory leaks.close
in interface AutoCloseable
close
in interface SolrMetricProducer
IOException
public ValidatingJsonMap getSpec()
getSpec
in interface SpecProvider
public Map<String,Object> edit(Map<String,Object> latestConf, List<CommandOperation> commands)
edit
in interface ConfigEditablePlugin
latestConf
- latest version of configcommands
- the list of command operations to performprotected String generateAuthDataHeader()
protected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
AuthenticationPlugin
PKIAuthenticationPlugin
. Return true to indicate that your plugin
did handle the request, or false to signal that PKI plugin should handle it. This method
will be called by PKIAuthenticationPlugin
's interceptor.
If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin
.
This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.
interceptInternodeRequest
in class AuthenticationPlugin
httpRequest
- the httpRequest that is about to be sent to another internal Solr nodehttpContext
- the context of that request.protected boolean interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
AuthenticationPlugin
PKIAuthenticationPlugin
. Return true to indicate that your plugin
did handle the request, or false to signal that PKI plugin should handle it. This method
will be called by PKIAuthenticationPlugin
's interceptor.
If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin
.
This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.
interceptInternodeRequest
in class AuthenticationPlugin
request
- the httpRequest that is about to be sent to another internal Solr nodepublic List<JWTIssuerConfig> getIssuerConfigs()
public JWTIssuerConfig getIssuerConfigByName(String name)
name
- name property of configCopyright © 2000-2020 Apache Software Foundation. All Rights Reserved.