Package org.apache.solr.security
Class RuleBasedAuthorizationPluginBase
- java.lang.Object
-
- org.apache.solr.security.RuleBasedAuthorizationPluginBase
-
- All Implemented Interfaces:
Closeable,AutoCloseable,org.apache.solr.common.SpecProvider,AuthorizationPlugin,ConfigEditablePlugin
- Direct Known Subclasses:
ExternalRoleRuleBasedAuthorizationPlugin,MultiAuthRuleBasedAuthorizationPlugin,RuleBasedAuthorizationPlugin
public abstract class RuleBasedAuthorizationPluginBase extends Object implements AuthorizationPlugin, ConfigEditablePlugin, org.apache.solr.common.SpecProvider
Base class for rule based authorization plugins
-
-
Constructor Summary
Constructors Constructor Description RuleBasedAuthorizationPluginBase()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description AuthorizationResponseauthorize(AuthorizationContext context)voidclose()booleandoesUserHavePermission(Principal principal, PermissionNameProvider.Name permission)Map<String,Object>edit(Map<String,Object> latestConf, List<org.apache.solr.common.util.CommandOperation> commands)Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException.Set<String>getPermissionNamesForRoles(Collection<String> roles)Retrieves permission names for a given set of roles.org.apache.solr.common.util.ValidatingJsonMapgetSpec()abstract Set<String>getUserRoles(Principal principal)Finds users rolesSet<String>getUserRoles(AuthorizationContext context)Finds user rolesvoidinit(Map<String,Object> initInfo)
-
-
-
Method Detail
-
authorize
public AuthorizationResponse authorize(AuthorizationContext context)
- Specified by:
authorizein interfaceAuthorizationPlugin
-
getPermissionNamesForRoles
public Set<String> getPermissionNamesForRoles(Collection<String> roles)
Retrieves permission names for a given set of roles.There are two special role names that can be used in the roles list:
nullmeaning permission granted for all requests, even without a role"*"meaning any role will grant the permission
- Parameters:
roles- a collection of role names.
-
doesUserHavePermission
public boolean doesUserHavePermission(Principal principal, PermissionNameProvider.Name permission)
-
init
public void init(Map<String,Object> initInfo)
- Specified by:
initin interfaceAuthorizationPlugin
-
getUserRoles
public Set<String> getUserRoles(AuthorizationContext context)
Finds user roles- Parameters:
context- the authorization context to load roles from- Returns:
- set of roles as strings or empty set if no roles are found
-
getUserRoles
public abstract Set<String> getUserRoles(Principal principal)
Finds users roles- Parameters:
principal- the user Principal to fetch roles for- Returns:
- set of roles as strings or empty set if no roles found
-
close
public void close() throws IOException- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable- Throws:
IOException
-
edit
public Map<String,Object> edit(Map<String,Object> latestConf, List<org.apache.solr.common.util.CommandOperation> commands)
Description copied from interface:ConfigEditablePluginOperate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data- Specified by:
editin interfaceConfigEditablePlugin
-
getSpec
public org.apache.solr.common.util.ValidatingJsonMap getSpec()
- Specified by:
getSpecin interfaceorg.apache.solr.common.SpecProvider
-
-