Package org.apache.solr.security
Class MultiAuthPlugin
- java.lang.Object
-
- org.apache.solr.security.AuthenticationPlugin
-
- org.apache.solr.security.MultiAuthPlugin
-
- All Implemented Interfaces:
AutoCloseable
,SpecProvider
,SolrInfoBean
,SolrMetricProducer
,ConfigEditablePlugin
public class MultiAuthPlugin extends AuthenticationPlugin implements ConfigEditablePlugin, SpecProvider
Authentication plugin that supports multiple Authorization schemes, such as Bearer and Basic. The impl simply delegates to one of Solr's other AuthenticationPlugins, such as the BasicAuthPlugin or JWTAuthPlugin.- WARNING: This API is experimental and might change in incompatible ways in the next release.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.solr.core.SolrInfoBean
SolrInfoBean.Category, SolrInfoBean.Group
-
-
Field Summary
Fields Modifier and Type Field Description static String
AUTHORIZATION_HEADER
static String
PROPERTY_SCHEME
static String
PROPERTY_SCHEMES
-
Fields inherited from class org.apache.solr.security.AuthenticationPlugin
AUTHENTICATION_PLUGIN_PROP, HTTP_HEADER_X_SOLR_AUTHDATA, numAuthenticated, numErrors, numMissingCredentials, numPassThrough, numWrongCredentials, requests, requestTimes, solrMetricsContext, totalTime
-
-
Constructor Summary
Constructors Constructor Description MultiAuthPlugin(CoreContainer cc)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
close()
Implementations should always callSolrMetricProducer.super.close()
to ensure that metrics with the same life-cycle as this component are properly unregistered.void
closeRequest()
Cleanup any per request databoolean
doAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
This method attempts to authenticate the request.Map<String,Object>
edit(Map<String,Object> latestConf, List<CommandOperation> commands)
Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException.ValidatingJsonMap
getSpec()
void
init(Map<String,Object> pluginConfig)
This is called upon loading up of a plugin, used for setting it up.void
initializeMetrics(SolrMetricsContext parentContext, String scope)
Initialize metrics specific to this producer.protected void
initPluginForScheme(Map<String,Object> schemeMap)
protected boolean
interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
Override this method to intercept internode requests.protected boolean
interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
Override this method to intercept internode requests.-
Methods inherited from class org.apache.solr.security.AuthenticationPlugin
authenticate, getCategory, getDescription, getName, getSolrMetricsContext, wrapWithPrincipal, wrapWithPrincipal
-
-
-
-
Field Detail
-
PROPERTY_SCHEMES
public static final String PROPERTY_SCHEMES
- See Also:
- Constant Field Values
-
PROPERTY_SCHEME
public static final String PROPERTY_SCHEME
- See Also:
- Constant Field Values
-
AUTHORIZATION_HEADER
public static final String AUTHORIZATION_HEADER
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
MultiAuthPlugin
public MultiAuthPlugin(CoreContainer cc)
-
-
Method Detail
-
init
public void init(Map<String,Object> pluginConfig)
Description copied from class:AuthenticationPlugin
This is called upon loading up of a plugin, used for setting it up.- Specified by:
init
in classAuthenticationPlugin
- Parameters:
pluginConfig
- Config parameters, possibly from a ZK source
-
initializeMetrics
public void initializeMetrics(SolrMetricsContext parentContext, String scope)
Description copied from interface:SolrMetricProducer
Initialize metrics specific to this producer.- Specified by:
initializeMetrics
in interfaceSolrMetricProducer
- Overrides:
initializeMetrics
in classAuthenticationPlugin
- Parameters:
parentContext
- parent metrics context. If this component has the same life-cycle as the parent it can simply use the parent context, otherwise it should obtain a child context usingSolrMetricsContext.getChildContext(Object)
passingthis
as the child object.scope
- component scope
-
doAuthenticate
public boolean doAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws Exception
Description copied from class:AuthenticationPlugin
This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.- Specified by:
doAuthenticate
in classAuthenticationPlugin
- Parameters:
request
- the http requestresponse
- the http responsefilterChain
- the servlet filter chain- Returns:
- false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
- Throws:
Exception
- any exception thrown during the authentication, e.g. PrivilegedActionException
-
close
public void close() throws IOException
Description copied from interface:SolrMetricProducer
Implementations should always callSolrMetricProducer.super.close()
to ensure that metrics with the same life-cycle as this component are properly unregistered. This prevents obscure memory leaks.from: https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html While this interface method is declared to throw Exception, implementers are strongly encouraged to declare concrete implementations of the close method to throw more specific exceptions, or to throw no exception at all if the close operation cannot fail.
- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceSolrMetricProducer
- Throws:
IOException
-
closeRequest
public void closeRequest()
Description copied from class:AuthenticationPlugin
Cleanup any per request data- Overrides:
closeRequest
in classAuthenticationPlugin
-
interceptInternodeRequest
protected boolean interceptInternodeRequest(org.apache.http.HttpRequest httpRequest, org.apache.http.protocol.HttpContext httpContext)
Description copied from class:AuthenticationPlugin
Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate toPKIAuthenticationPlugin
. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called byPKIAuthenticationPlugin
's interceptor.If not overridden, this method will return true for plugins implementing
HttpClientBuilderPlugin
. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.- Overrides:
interceptInternodeRequest
in classAuthenticationPlugin
- Parameters:
httpRequest
- the httpRequest that is about to be sent to another internal Solr nodehttpContext
- the context of that request.- Returns:
- true if this plugin handled authentication for the request, else false
-
interceptInternodeRequest
protected boolean interceptInternodeRequest(org.eclipse.jetty.client.api.Request request)
Description copied from class:AuthenticationPlugin
Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate toPKIAuthenticationPlugin
. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called byPKIAuthenticationPlugin
's interceptor.If not overridden, this method will return true for plugins implementing
HttpClientBuilderPlugin
. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.- Overrides:
interceptInternodeRequest
in classAuthenticationPlugin
- Parameters:
request
- the httpRequest that is about to be sent to another internal Solr node- Returns:
- true if this plugin handled authentication for the request, else false
-
getSpec
public ValidatingJsonMap getSpec()
- Specified by:
getSpec
in interfaceSpecProvider
-
edit
public Map<String,Object> edit(Map<String,Object> latestConf, List<CommandOperation> commands)
Description copied from interface:ConfigEditablePlugin
Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data- Specified by:
edit
in interfaceConfigEditablePlugin
-
-