public class KerberosPlugin extends AuthenticationPlugin implements HttpClientBuilderPlugin
SolrInfoBean.Category, SolrInfoBean.Group
Modifier and Type | Field and Description |
---|---|
static String |
COOKIE_DOMAIN_PARAM |
static String |
COOKIE_PATH_PARAM |
static String |
COOKIE_PORT_AWARE_PARAM |
static String |
DELEGATION_TOKEN_ENABLED |
static String |
DELEGATION_TOKEN_KIND |
static String |
DELEGATION_TOKEN_SECRET_MANAGER_ZNODE_WORKING_PATH |
static String |
DELEGATION_TOKEN_SECRET_PROVIDER |
static String |
DELEGATION_TOKEN_SECRET_PROVIDER_ZK_PATH |
static String |
DELEGATION_TOKEN_TYPE_DEFAULT |
static String |
DELEGATION_TOKEN_VALIDITY |
static String |
IMPERSONATOR_DO_AS_HTTP_PARAM |
static String |
IMPERSONATOR_PREFIX |
static String |
IMPERSONATOR_USER_NAME |
static String |
KEYTAB_PARAM |
static String |
NAME_RULES_PARAM |
static String |
ORIGINAL_USER_PRINCIPAL_HEADER |
static String |
PRINCIPAL_PARAM |
static String |
TOKEN_VALID_PARAM |
AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime
Constructor and Description |
---|
KerberosPlugin(CoreContainer coreContainer) |
Modifier and Type | Method and Description |
---|---|
void |
close()
Implementations should always call
SolrMetricProducer.super.close() to ensure that
metrics with the same life-cycle as this component are properly unregistered. |
boolean |
doAuthenticate(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse rsp,
javax.servlet.FilterChain chain)
This method attempts to authenticate the request.
|
SolrHttpClientBuilder |
getHttpClientBuilder(SolrHttpClientBuilder builder) |
protected javax.servlet.FilterConfig |
getInitFilterConfig(Map<String,Object> pluginConfig,
boolean skipKerberosChecking) |
protected javax.servlet.Filter |
getKerberosFilter() |
void |
init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.
|
protected boolean |
interceptInternodeRequest(org.apache.http.HttpRequest httpRequest,
org.apache.http.protocol.HttpContext httpContext)
Override this method to intercept internode requests.
|
protected void |
setKerberosFilter(javax.servlet.Filter kerberosFilter) |
void |
setup(Http2SolrClient client) |
authenticate, closeRequest, getCategory, getDescription, getMetricNames, getName, getSolrMetricsContext, initializeMetrics, interceptInternodeRequest
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getMetricRegistry, getMetricsSnapshot, registerMetricName
getUniqueMetricTag, initializeMetrics
public static final String NAME_RULES_PARAM
public static final String COOKIE_DOMAIN_PARAM
public static final String COOKIE_PATH_PARAM
public static final String PRINCIPAL_PARAM
public static final String KEYTAB_PARAM
public static final String TOKEN_VALID_PARAM
public static final String COOKIE_PORT_AWARE_PARAM
public static final String IMPERSONATOR_PREFIX
public static final String DELEGATION_TOKEN_ENABLED
public static final String DELEGATION_TOKEN_KIND
public static final String DELEGATION_TOKEN_VALIDITY
public static final String DELEGATION_TOKEN_SECRET_PROVIDER
public static final String DELEGATION_TOKEN_SECRET_PROVIDER_ZK_PATH
public static final String DELEGATION_TOKEN_SECRET_MANAGER_ZNODE_WORKING_PATH
public static final String DELEGATION_TOKEN_TYPE_DEFAULT
public static final String IMPERSONATOR_DO_AS_HTTP_PARAM
public static final String IMPERSONATOR_USER_NAME
public static final String ORIGINAL_USER_PRINCIPAL_HEADER
public KerberosPlugin(CoreContainer coreContainer)
public void init(Map<String,Object> pluginConfig)
AuthenticationPlugin
init
in class AuthenticationPlugin
pluginConfig
- Config parameters, possibly from a ZK sourceprotected javax.servlet.FilterConfig getInitFilterConfig(Map<String,Object> pluginConfig, boolean skipKerberosChecking)
public boolean doAuthenticate(javax.servlet.ServletRequest req, javax.servlet.ServletResponse rsp, javax.servlet.FilterChain chain) throws Exception
AuthenticationPlugin
doAuthenticate
in class AuthenticationPlugin
req
- the http requestrsp
- the http responsechain
- the servlet filter chainException
- any exception thrown during the authentication, e.g. PrivilegedActionExceptionprotected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
AuthenticationPlugin
PKIAuthenticationPlugin
. Return true to indicate that your plugin
did handle the request, or false to signal that PKI plugin should handle it. This method
will be called by PKIAuthenticationPlugin
's interceptor.
If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin
.
This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.
interceptInternodeRequest
in class AuthenticationPlugin
httpRequest
- the httpRequest that is about to be sent to another internal Solr nodehttpContext
- the context of that request.public SolrHttpClientBuilder getHttpClientBuilder(SolrHttpClientBuilder builder)
getHttpClientBuilder
in interface HttpClientBuilderPlugin
public void setup(Http2SolrClient client)
setup
in interface HttpClientBuilderPlugin
public void close()
SolrMetricProducer
SolrMetricProducer.super.close()
to ensure that
metrics with the same life-cycle as this component are properly unregistered. This prevents
obscure memory leaks.close
in interface AutoCloseable
close
in interface SolrMetricProducer
protected javax.servlet.Filter getKerberosFilter()
protected void setKerberosFilter(javax.servlet.Filter kerberosFilter)
Copyright © 2000-2020 Apache Software Foundation. All Rights Reserved.