Package org.apache.solr.security

Class KerberosPlugin

    • Constructor Detail

      • KerberosPlugin

        public KerberosPlugin​(CoreContainer coreContainer)

    • Method Detail

      • init

        public void init​(Map<String,​Object> pluginConfig)
        Description copied from class: AuthenticationPlugin
        This is called upon loading up of a plugin, used for setting it up.
        Specified by:
        init in class AuthenticationPlugin
        Parameters:
        pluginConfig - Config parameters, possibly from a ZK source

      • getInitFilterConfig

        protected javax.servlet.FilterConfig getInitFilterConfig​(Map<String,​Object> pluginConfig,
                                                         boolean skipKerberosChecking)

      • doAuthenticate

        public boolean doAuthenticate​(javax.servlet.ServletRequest req,
                              javax.servlet.ServletResponse rsp,
                              javax.servlet.FilterChain chain)
                       throws Exception
        Description copied from class: AuthenticationPlugin
        This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.
        Specified by:
        doAuthenticate in class AuthenticationPlugin
        Parameters:
        req - the http request
        rsp - the http response
        chain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)
        Description copied from class: AuthenticationPlugin
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Overrides:
        interceptInternodeRequest in class AuthenticationPlugin
        Parameters:
        httpRequest - the httpRequest that is about to be sent to another internal Solr node
        httpContext - the context of that request.
        Returns:
        true if this plugin handled authentication for the request, else false

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.eclipse.jetty.client.api.Request request)
        Description copied from class: AuthenticationPlugin
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Overrides:
        interceptInternodeRequest in class AuthenticationPlugin
        Parameters:
        request - the httpRequest that is about to be sent to another internal Solr node
        Returns:
        true if this plugin handled authentication for the request, else false

      • close

        public void close()
        Description copied from interface: SolrMetricProducer
        Implementations should always call SolrMetricProducer.super.close() to ensure that metrics with the same life-cycle as this component are properly unregistered. This prevents obscure memory leaks. from: https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html While this interface method is declared to throw Exception, implementers are strongly encouraged to declare concrete implementations of the close method to throw more specific exceptions, or to throw no exception at all if the close operation cannot fail.
        Specified by:
        close in interface AutoCloseable
        Specified by:
        close in interface SolrMetricProducer

      • getKerberosFilter

        protected javax.servlet.Filter getKerberosFilter()

      • setKerberosFilter

        protected void setKerberosFilter​(javax.servlet.Filter kerberosFilter)