Package org.apache.solr.security
Class HadoopAuthPlugin
- java.lang.Object
-
- org.apache.solr.security.AuthenticationPlugin
-
- org.apache.solr.security.HadoopAuthPlugin
-
- All Implemented Interfaces:
AutoCloseable
,SolrInfoBean
,SolrMetricProducer
- Direct Known Subclasses:
ConfigurableInternodeAuthHadoopPlugin
public class HadoopAuthPlugin extends AuthenticationPlugin
This class implements a generic plugin which can use authentication schemes exposed by the Hadoop framework. This plugin supports following features - integration with authentication mehcanisms (e.g. kerberos) - Delegation token support - Proxy users (or secure impersonation) support This plugin enables defining configuration parameters required by the undelying Hadoop authentication mechanism. These configuration parameters can either be specified as a Java system property or the default value can be specified as part of the plugin configuration. The proxy users are configured by specifying relevant Hadoop configuration parameters. Please note that the delegation token support must be enabled for using the proxy users support. Note - this class does not support configuring authentication mechanism for Solr internal communication. For this purpose ConfigurableInternodeAuthHadoopPlugin should be used. If this plugin is used in the SolrCloud mode, it will use PKI based authentication mechanism for Solr internal communication.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean
SolrInfoBean.Category, SolrInfoBean.Group
-
-
Field Summary
Fields Modifier and Type Field Description protected CoreContainer
coreContainer
static String
PROXY_USER_CONFIGS
A property which configures proxy users for the underlying Hadoop authentication mechanism.-
Fields inherited from class org.apache.solr.security.AuthenticationPlugin
AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime
-
-
Constructor Summary
Constructors Constructor Description HadoopAuthPlugin(CoreContainer coreContainer)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
close()
Implementations should always callSolrMetricProducer.super.close()
to ensure that metrics with the same life-cycle as this component are properly unregistered.boolean
doAuthenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
This method attempts to authenticate the request.protected javax.servlet.FilterConfig
getInitFilterConfig(Map<String,Object> pluginConfig)
void
init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.-
Methods inherited from class org.apache.solr.security.AuthenticationPlugin
authenticate, closeRequest, getCategory, getDescription, getMetricNames, getName, getSolrMetricsContext, initializeMetrics, interceptInternodeRequest, interceptInternodeRequest
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.solr.core.SolrInfoBean
getMetricRegistry, getMetricsSnapshot, registerMetricName
-
Methods inherited from interface org.apache.solr.metrics.SolrMetricProducer
initializeMetrics
-
-
-
-
Field Detail
-
PROXY_USER_CONFIGS
public static final String PROXY_USER_CONFIGS
A property which configures proxy users for the underlying Hadoop authentication mechanism. This configuration is expressed as a collection of key-value pairs (i.e. property-name : value).- See Also:
- Constant Field Values
-
coreContainer
protected final CoreContainer coreContainer
-
-
Constructor Detail
-
HadoopAuthPlugin
public HadoopAuthPlugin(CoreContainer coreContainer)
-
-
Method Detail
-
init
public void init(Map<String,Object> pluginConfig)
Description copied from class:AuthenticationPlugin
This is called upon loading up of a plugin, used for setting it up.- Specified by:
init
in classAuthenticationPlugin
- Parameters:
pluginConfig
- Config parameters, possibly from a ZK source
-
getInitFilterConfig
protected javax.servlet.FilterConfig getInitFilterConfig(Map<String,Object> pluginConfig)
-
doAuthenticate
public boolean doAuthenticate(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws Exception
Description copied from class:AuthenticationPlugin
This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.- Specified by:
doAuthenticate
in classAuthenticationPlugin
- Parameters:
request
- the http requestresponse
- the http responsefilterChain
- the servlet filter chain- Returns:
- false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
- Throws:
Exception
- any exception thrown during the authentication, e.g. PrivilegedActionException
-
close
public void close() throws IOException
Description copied from interface:SolrMetricProducer
Implementations should always callSolrMetricProducer.super.close()
to ensure that metrics with the same life-cycle as this component are properly unregistered. This prevents obscure memory leaks. from: https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html While this interface method is declared to throw Exception, implementers are strongly encouraged to declare concrete implementations of the close method to throw more specific exceptions, or to throw no exception at all if the close operation cannot fail.- Throws:
IOException
-
-