Package org.apache.solr.security
Class AllowListUrlChecker
- java.lang.Object
-
- org.apache.solr.security.AllowListUrlChecker
-
public class AllowListUrlChecker extends Object
Validates URLs based on an allow list or aClusterStatein SolrCloud.
-
-
Field Summary
Fields Modifier and Type Field Description static AllowListUrlCheckerALLOW_ALLSingleton checker which allows all URLs.static StringDISABLE_URL_ALLOW_LISTSystem property to disable URL checking andALLOW_ALLinstead.static StringSET_SOLR_DISABLE_URL_ALLOW_LIST_CLUEClue given in URL-forbidden exceptions messages.static StringURL_ALLOW_LISTSolrXmlConfigproperty to configure the allowed URLs.
-
Constructor Summary
Constructors Constructor Description AllowListUrlChecker(List<String> urlAllowList)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckAllowList(List<String> urls)voidcheckAllowList(List<String> urls, org.apache.solr.common.cloud.ClusterState clusterState)Checks that the given URLs are present in the configured allow-list or in the providedClusterState(in case of cloud mode).static AllowListUrlCheckercreate(NodeConfig config)Creates a URL checker based on theNodeConfigproperty to configure the allowed URLs.Set<String>getHostAllowList()Only for testing.booleanhasExplicitAllowList()Whether this checker has been created with a non-empty allow-list of URLs.booleanisEnabled()Whether the URL checking is enabled.StringtoString()
-
-
-
Field Detail
-
URL_ALLOW_LIST
public static final String URL_ALLOW_LIST
SolrXmlConfigproperty to configure the allowed URLs.- See Also:
- Constant Field Values
-
DISABLE_URL_ALLOW_LIST
public static final String DISABLE_URL_ALLOW_LIST
System property to disable URL checking andALLOW_ALLinstead.- See Also:
- Constant Field Values
-
SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE
public static final String SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE
Clue given in URL-forbidden exceptions messages.- See Also:
- Constant Field Values
-
ALLOW_ALL
public static final AllowListUrlChecker ALLOW_ALL
Singleton checker which allows all URLs.isEnabled()returns false.
-
-
Constructor Detail
-
AllowListUrlChecker
public AllowListUrlChecker(List<String> urlAllowList) throws MalformedURLException
- Parameters:
urlAllowList- List of allowed URLs. URLs must be well-formed, missing protocol is tolerated. An empty list means there is no explicit allow-list of URLs, in this case no URL is allowed unless aClusterStateis provided incheckAllowList(List, ClusterState).- Throws:
MalformedURLException- If an URL is invalid.
-
-
Method Detail
-
create
public static AllowListUrlChecker create(NodeConfig config)
Creates a URL checker based on theNodeConfigproperty to configure the allowed URLs.
-
checkAllowList
public void checkAllowList(List<String> urls) throws MalformedURLException
- Throws:
MalformedURLException- See Also:
checkAllowList(List, ClusterState)
-
checkAllowList
public void checkAllowList(List<String> urls, org.apache.solr.common.cloud.ClusterState clusterState) throws MalformedURLException
Checks that the given URLs are present in the configured allow-list or in the providedClusterState(in case of cloud mode).- Parameters:
urls- The list of urls to check.clusterState- The up to dateClusterState, can be null in case of non-cloud mode.- Throws:
MalformedURLException- If an URL is invalid.org.apache.solr.common.SolrException- If an URL is not present in the allow-list or in the providedClusterState.
-
hasExplicitAllowList
public boolean hasExplicitAllowList()
Whether this checker has been created with a non-empty allow-list of URLs.
-
isEnabled
public boolean isEnabled()
Whether the URL checking is enabled. OnlyALLOW_ALLreturns false.
-
-