Package org.apache.solr.security
Class AuthenticationPlugin
- java.lang.Object
-
- org.apache.solr.security.AuthenticationPlugin
-
- All Implemented Interfaces:
AutoCloseable
,SolrInfoBean
,SolrMetricProducer
- Direct Known Subclasses:
BasicAuthPlugin
,HadoopAuthPlugin
,JWTAuthPlugin
,KerberosPlugin
,PKIAuthenticationPlugin
public abstract class AuthenticationPlugin extends Object implements SolrInfoBean, SolrMetricProducer
- WARNING: This API is experimental and might change in incompatible ways in the next release.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean
SolrInfoBean.Category, SolrInfoBean.Group
-
-
Field Summary
Fields Modifier and Type Field Description static String
AUTHENTICATION_PLUGIN_PROP
static String
HTTP_HEADER_X_SOLR_AUTHDATA
protected com.codahale.metrics.Counter
numAuthenticated
protected com.codahale.metrics.Meter
numErrors
protected com.codahale.metrics.Counter
numMissingCredentials
protected com.codahale.metrics.Counter
numPassThrough
protected com.codahale.metrics.Counter
numWrongCredentials
protected com.codahale.metrics.Counter
requests
protected com.codahale.metrics.Timer
requestTimes
protected SolrMetricsContext
solrMetricsContext
protected com.codahale.metrics.Counter
totalTime
-
Constructor Summary
Constructors Constructor Description AuthenticationPlugin()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description boolean
authenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
This method is called by SolrDispatchFilter in order to initiate authentication.void
closeRequest()
Cleanup any per request dataabstract boolean
doAuthenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
This method attempts to authenticate the request.SolrInfoBean.Category
getCategory()
Category of this componentString
getDescription()
Simple one or two line descriptionSet<String>
getMetricNames()
Modifiable set of metric names that this component reports (default is null, which means none).String
getName()
Simple common usage name, e.g.SolrMetricsContext
getSolrMetricsContext()
Implementing classes should override this method to provide the context obtained inSolrMetricProducer.initializeMetrics(SolrMetricsContext, String)
to ensure proper cleanup of metrics at the end of the life-cycle of this component.abstract void
init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.void
initializeMetrics(SolrMetricsContext parentContext, String scope)
Initialize metrics specific to this producer.protected boolean
interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
Override this method to intercept internode requests.protected boolean
interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
Override this method to intercept internode requests.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.solr.core.SolrInfoBean
getMetricRegistry, getMetricsSnapshot, registerMetricName
-
Methods inherited from interface org.apache.solr.metrics.SolrMetricProducer
close, initializeMetrics
-
-
-
-
Field Detail
-
AUTHENTICATION_PLUGIN_PROP
public static final String AUTHENTICATION_PLUGIN_PROP
- See Also:
- Constant Field Values
-
HTTP_HEADER_X_SOLR_AUTHDATA
public static final String HTTP_HEADER_X_SOLR_AUTHDATA
- See Also:
- Constant Field Values
-
solrMetricsContext
protected SolrMetricsContext solrMetricsContext
-
numErrors
protected com.codahale.metrics.Meter numErrors
-
requests
protected com.codahale.metrics.Counter requests
-
requestTimes
protected com.codahale.metrics.Timer requestTimes
-
totalTime
protected com.codahale.metrics.Counter totalTime
-
numAuthenticated
protected com.codahale.metrics.Counter numAuthenticated
-
numPassThrough
protected com.codahale.metrics.Counter numPassThrough
-
numWrongCredentials
protected com.codahale.metrics.Counter numWrongCredentials
-
numMissingCredentials
protected com.codahale.metrics.Counter numMissingCredentials
-
-
Method Detail
-
init
public abstract void init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.- Parameters:
pluginConfig
- Config parameters, possibly from a ZK source
-
doAuthenticate
public abstract boolean doAuthenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws Exception
This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.- Parameters:
request
- the http requestresponse
- the http responsefilterChain
- the servlet filter chain- Returns:
- false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
- Throws:
Exception
- any exception thrown during the authentication, e.g. PrivilegedActionException
-
authenticate
public final boolean authenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws Exception
This method is called by SolrDispatchFilter in order to initiate authentication. It does some standard metrics counting.- Throws:
Exception
-
interceptInternodeRequest
protected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate toPKIAuthenticationPlugin
. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called byPKIAuthenticationPlugin
's interceptor.If not overridden, this method will return true for plugins implementing
HttpClientBuilderPlugin
. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.- Parameters:
httpRequest
- the httpRequest that is about to be sent to another internal Solr nodehttpContext
- the context of that request.- Returns:
- true if this plugin handled authentication for the request, else false
-
interceptInternodeRequest
protected boolean interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate toPKIAuthenticationPlugin
. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called byPKIAuthenticationPlugin
's interceptor.If not overridden, this method will return true for plugins implementing
HttpClientBuilderPlugin
. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.- Parameters:
request
- the httpRequest that is about to be sent to another internal Solr node- Returns:
- true if this plugin handled authentication for the request, else false
-
closeRequest
public void closeRequest()
Cleanup any per request data
-
getSolrMetricsContext
public SolrMetricsContext getSolrMetricsContext()
Description copied from interface:SolrMetricProducer
Implementing classes should override this method to provide the context obtained inSolrMetricProducer.initializeMetrics(SolrMetricsContext, String)
to ensure proper cleanup of metrics at the end of the life-cycle of this component.- Specified by:
getSolrMetricsContext
in interfaceSolrMetricProducer
-
initializeMetrics
public void initializeMetrics(SolrMetricsContext parentContext, String scope)
Description copied from interface:SolrMetricProducer
Initialize metrics specific to this producer.- Specified by:
initializeMetrics
in interfaceSolrMetricProducer
- Parameters:
parentContext
- parent metrics context. If this component has the same life-cycle as the parent it can simply use the parent context, otherwise it should obtain a child context usingSolrMetricsContext.getChildContext(Object)
passingthis
as the child.scope
- component scope
-
getName
public String getName()
Description copied from interface:SolrInfoBean
Simple common usage name, e.g. BasicQueryHandler, or fully qualified class name.- Specified by:
getName
in interfaceSolrInfoBean
-
getDescription
public String getDescription()
Description copied from interface:SolrInfoBean
Simple one or two line description- Specified by:
getDescription
in interfaceSolrInfoBean
-
getCategory
public SolrInfoBean.Category getCategory()
Description copied from interface:SolrInfoBean
Category of this component- Specified by:
getCategory
in interfaceSolrInfoBean
-
getMetricNames
public Set<String> getMetricNames()
Description copied from interface:SolrInfoBean
Modifiable set of metric names that this component reports (default is null, which means none). If not null then this set is used bySolrInfoBean.registerMetricName(String)
to capture what metrics names are reported from this component.NOTE: this set has to allow iteration under modifications.
- Specified by:
getMetricNames
in interfaceSolrInfoBean
-
-