JWTAuthPlugin (Solr 8.9.0 API)

java.lang.Object
- org.apache.solr.security.AuthenticationPlugin
- - org.apache.solr.security.JWTAuthPlugin

All Implemented Interfaces:

AutoCloseable, SpecProvider, SolrInfoBean, SolrMetricProducer, ConfigEditablePlugin
```
public class JWTAuthPlugin
extends AuthenticationPlugin
implements SpecProvider, ConfigEditablePlugin
```
Authenticaion plugin that finds logged in user by validating the signature of a JWT token

Nested Class Summary
- Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean
  SolrInfoBean.Category, SolrInfoBean.Group

Field Summary
- Fields inherited from class org.apache.solr.security.AuthenticationPlugin
  AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime

Constructor Summary

Constructors
Constructor and Description

JWTAuthPlugin()
Initialize plugin

Constructors
Constructor and Description
`JWTAuthPlugin()` Initialize plugin

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected org.apache.solr.security.JWTAuthPlugin.JWTAuthenticationResponse`	`authenticate(String authorizationHeader)` Testable authentication method
`void`	`close()` Implementations should always call `SolrMetricProducer.super.close()` to ensure that metrics with the same life-cycle as this component are properly unregistered.
`boolean`	`doAuthenticate(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)` Main authentication method that looks for correct JWT token in the Authorization header
`Map<String,Object>`	`edit(Map<String,Object> latestConf, List<CommandOperation> commands)` Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException.
`protected String`	`generateAuthDataHeader()`
`JWTIssuerConfig`	`getIssuerConfigByName(String name)` Lookup issuer config by its name
`List<JWTIssuerConfig>`	`getIssuerConfigs()`
`ValidatingJsonMap`	`getSpec()`
`void`	`init(Map<String,Object> pluginConfig)` This is called upon loading up of a plugin, used for setting it up.
`protected boolean`	`interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)` Override this method to intercept internode requests.
`protected boolean`	`interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)` Override this method to intercept internode requests.

Methods inherited from class org.apache.solr.security.AuthenticationPlugin
authenticate, closeRequest, getCategory, getDescription, getMetricNames, getName, getSolrMetricsContext, initializeMetrics

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.solr.core.SolrInfoBean
getMetricRegistry, getMetricsSnapshot, registerMetricName

Methods inherited from interface org.apache.solr.metrics.SolrMetricProducer
getUniqueMetricTag, initializeMetrics

- Constructor Detail
  - JWTAuthPlugin
```
public JWTAuthPlugin()
```
    Initialize plugin
- Method Detail
  - init
```
public void init(Map<String,Object> pluginConfig)
```
    Description copied from class: AuthenticationPlugin
    
    This is called upon loading up of a plugin, used for setting it up.
    
    Specified by:
    
    init in class AuthenticationPlugin
    
    Parameters:
    
    pluginConfig - Config parameters, possibly from a ZK source
  - doAuthenticate
```
public boolean doAuthenticate(javax.servlet.ServletRequest servletRequest,
                              javax.servlet.ServletResponse servletResponse,
                              javax.servlet.FilterChain filterChain)
                       throws Exception
```
    Main authentication method that looks for correct JWT token in the Authorization header
    
    Specified by:
    
    doAuthenticate in class AuthenticationPlugin
    
    Parameters:
    
    servletRequest - the http request
    
    servletResponse - the http response
    
    filterChain - the servlet filter chain
    
    Returns:
    
    false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
    
    Throws:
    
    Exception - any exception thrown during the authentication, e.g. PrivilegedActionException
  - authenticate
```
protected org.apache.solr.security.JWTAuthPlugin.JWTAuthenticationResponse authenticate(String authorizationHeader)
```
    Testable authentication method
    
    Parameters:
    
    authorizationHeader - the http header "Authentication"
    
    Returns:
    
    AuthenticationResponse object
  - close
```
public void close()
           throws IOException
```
    Description copied from interface: SolrMetricProducer
    
    Implementations should always call SolrMetricProducer.super.close() to ensure that metrics with the same life-cycle as this component are properly unregistered. This prevents obscure memory leaks. from: https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html While this interface method is declared to throw Exception, implementers are strongly encouraged to declare concrete implementations of the close method to throw more specific exceptions, or to throw no exception at all if the close operation cannot fail.
    
    Specified by:
    
    close in interface AutoCloseable
    
    Specified by:
    
    close in interface SolrMetricProducer
    
    Throws:
    
    IOException
  - getSpec
```
public ValidatingJsonMap getSpec()
```
    Specified by:
    
    getSpec in interface SpecProvider
  - edit
```
public Map<String,Object> edit(Map<String,Object> latestConf,
                               List<CommandOperation> commands)
```
    Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data
    
    Specified by:
    
    edit in interface ConfigEditablePlugin
    
    Parameters:
    
    latestConf - latest version of config
    
    commands - the list of command operations to perform
  - generateAuthDataHeader
```
protected String generateAuthDataHeader()
```
  - interceptInternodeRequest
```
protected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)
```
    Description copied from class: AuthenticationPlugin
    
    Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.
    If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.
    
    Overrides:
    
    interceptInternodeRequest in class AuthenticationPlugin
    
    Parameters:
    
    httpRequest - the httpRequest that is about to be sent to another internal Solr node
    
    httpContext - the context of that request.
    
    Returns:
    
    true if this plugin handled authentication for the request, else false
  - interceptInternodeRequest
```
protected boolean interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
```
    Description copied from class: AuthenticationPlugin
    
    Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.
    If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.
    
    Overrides:
    
    interceptInternodeRequest in class AuthenticationPlugin
    
    Parameters:
    
    request - the httpRequest that is about to be sent to another internal Solr node
    
    Returns:
    
    true if this plugin handled authentication for the request, else false
  - getIssuerConfigs
```
public List<JWTIssuerConfig> getIssuerConfigs()
```
  - getIssuerConfigByName
```
public JWTIssuerConfig getIssuerConfigByName(String name)
```
    Lookup issuer config by its name
    
    Parameters:
    
    name - name property of config
    
    Returns:
    
    issuer config object or null if not found

Class JWTAuthPlugin

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean

Field Summary

Fields inherited from class org.apache.solr.security.AuthenticationPlugin

Constructor Summary

Method Summary

Methods inherited from class org.apache.solr.security.AuthenticationPlugin

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.solr.core.SolrInfoBean

Methods inherited from interface org.apache.solr.metrics.SolrMetricProducer

Constructor Detail

JWTAuthPlugin

Method Detail

init

doAuthenticate

authenticate

close

getSpec

edit

generateAuthDataHeader

interceptInternodeRequest

interceptInternodeRequest

getIssuerConfigs

getIssuerConfigByName