org.apache.solr.security

Class BasicAuthPlugin

java.lang.Object

org.apache.solr.security.AuthenticationPlugin

org.apache.solr.security.BasicAuthPlugin

All Implemented Interfaces:

AutoCloseable, SpecProvider, SolrInfoBean, SolrMetricProducer, ConfigEditablePlugin

public class BasicAuthPlugin
extends AuthenticationPlugin
implements ConfigEditablePlugin, SpecProvider

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	BasicAuthPlugin.AuthenticationProvider

Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean

SolrInfoBean.Category, SolrInfoBean.Group

Field Summary

Fields

Modifier and Type	Field and Description
static String	FORWARD_CREDENTIALS
static String	PROPERTY_BLOCK_UNKNOWN
static String	PROPERTY_REALM

Fields inherited from class org.apache.solr.security.AuthenticationPlugin

AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime

Constructor Summary

Constructors

Constructor and Description
BasicAuthPlugin()

Method Summary

Modifier and Type	Method and Description
boolean	authenticate(String username, String pwd)
void	close() Implementations should always call SolrMetricProducer.super.close() to ensure that metrics with the same life-cycle as this component are properly unregistered.
void	closeRequest() Cleanup any per request data
boolean	doAuthenticate(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain) This method attempts to authenticate the request.
Map<String,Object>	edit(Map<String,Object> latestConf, List<CommandOperation> commands) Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException.
protected BasicAuthPlugin.AuthenticationProvider	getAuthenticationProvider(Map<String,Object> pluginConfig)
boolean	getBlockUnknown()
ValidatingJsonMap	getSpec()
void	init(Map<String,Object> pluginConfig) This is called upon loading up of a plugin, used for setting it up.
protected boolean	interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext) Override this method to intercept internode requests.
protected boolean	interceptInternodeRequest(org.eclipse.jetty.client.api.Request request) Override this method to intercept internode requests.

Methods inherited from class org.apache.solr.security.AuthenticationPlugin

authenticate, getCategory, getDescription, getMetricNames, getName, getSolrMetricsContext, initializeMetrics

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.solr.core.SolrInfoBean

getMetricRegistry, getMetricsSnapshot, registerMetricName

Methods inherited from interface org.apache.solr.metrics.SolrMetricProducer

getUniqueMetricTag, initializeMetrics

Field Detail

PROPERTY_BLOCK_UNKNOWN

public static final String PROPERTY_BLOCK_UNKNOWN

See Also:

Constant Field Values

PROPERTY_REALM

public static final String PROPERTY_REALM

See Also:

Constant Field Values

FORWARD_CREDENTIALS

public static final String FORWARD_CREDENTIALS

See Also:

Constant Field Values

Constructor Detail

BasicAuthPlugin

public BasicAuthPlugin()

Method Detail

authenticate

public boolean authenticate(String username,
                            String pwd)

init

public void init(Map<String,Object> pluginConfig)

Description copied from class: AuthenticationPlugin

This is called upon loading up of a plugin, used for setting it up.

Specified by:

init in class AuthenticationPlugin

Parameters:

pluginConfig - Config parameters, possibly from a ZK source

edit

public Map<String,Object> edit(Map<String,Object> latestConf,
                               List<CommandOperation> commands)

Description copied from interface: ConfigEditablePlugin

Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data

Specified by:

edit in interface ConfigEditablePlugin

getAuthenticationProvider

protected BasicAuthPlugin.AuthenticationProvider getAuthenticationProvider(Map<String,Object> pluginConfig)

doAuthenticate

public boolean doAuthenticate(javax.servlet.ServletRequest servletRequest,
                              javax.servlet.ServletResponse servletResponse,
                              javax.servlet.FilterChain filterChain)
                       throws Exception

Description copied from class: AuthenticationPlugin

This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.

Specified by:

doAuthenticate in class AuthenticationPlugin

Parameters:

servletRequest - the http request

servletResponse - the http response

filterChain - the servlet filter chain

Returns:

false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.

Throws:

Exception - any exception thrown during the authentication, e.g. PrivilegedActionException

close

public void close()
           throws IOException

Description copied from interface: SolrMetricProducer

Implementations should always call SolrMetricProducer.super.close() to ensure that metrics with the same life-cycle as this component are properly unregistered. This prevents obscure memory leaks. from: https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html While this interface method is declared to throw Exception, implementers are strongly encouraged to declare concrete implementations of the close method to throw more specific exceptions, or to throw no exception at all if the close operation cannot fail.

Specified by:

close in interface AutoCloseable

Specified by:

close in interface SolrMetricProducer

Throws:

IOException

closeRequest

public void closeRequest()

Description copied from class: AuthenticationPlugin

Cleanup any per request data

Overrides:

closeRequest in class AuthenticationPlugin

interceptInternodeRequest

protected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)

Description copied from class: AuthenticationPlugin

Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

Overrides:

interceptInternodeRequest in class AuthenticationPlugin

Parameters:

httpRequest - the httpRequest that is about to be sent to another internal Solr node

httpContext - the context of that request.

Returns:

true if this plugin handled authentication for the request, else false

interceptInternodeRequest

protected boolean interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)

Description copied from class: AuthenticationPlugin

Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

Overrides:

interceptInternodeRequest in class AuthenticationPlugin

Parameters:

request - the httpRequest that is about to be sent to another internal Solr node

Returns:

true if this plugin handled authentication for the request, else false

getSpec

public ValidatingJsonMap getSpec()

Specified by:

getSpec in interface SpecProvider

getBlockUnknown

public boolean getBlockUnknown()