Package org.apache.solr.security
Class AllowListUrlChecker
- java.lang.Object
-
- org.apache.solr.security.AllowListUrlChecker
-
public class AllowListUrlChecker extends Object
Validates URLs based on an allow list or aClusterState
in SolrCloud.
-
-
Field Summary
Fields Modifier and Type Field Description static AllowListUrlChecker
ALLOW_ALL
Singleton checker which allows all URLs.static String
DISABLE_URL_ALLOW_LIST
System property to disable URL checking andALLOW_ALL
instead.static String
SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE
Clue given in URL-forbidden exceptions messages.static String
URL_ALLOW_LIST
SolrXmlConfig
property to configure the allowed URLs.
-
Constructor Summary
Constructors Constructor Description AllowListUrlChecker(List<String> urlAllowList)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkAllowList(List<String> urls)
void
checkAllowList(List<String> urls, org.apache.solr.common.cloud.ClusterState clusterState)
Checks that the given URLs are present in the configured allow-list or in the providedClusterState
(in case of cloud mode).static AllowListUrlChecker
create(NodeConfig config)
Creates a URL checker based on theNodeConfig
property to configure the allowed URLs.Set<String>
getHostAllowList()
Only for testing.boolean
hasExplicitAllowList()
Whether this checker has been created with a non-empty allow-list of URLs.boolean
isEnabled()
Whether the URL checking is enabled.String
toString()
-
-
-
Field Detail
-
URL_ALLOW_LIST
public static final String URL_ALLOW_LIST
SolrXmlConfig
property to configure the allowed URLs.- See Also:
- Constant Field Values
-
DISABLE_URL_ALLOW_LIST
public static final String DISABLE_URL_ALLOW_LIST
System property to disable URL checking andALLOW_ALL
instead.- See Also:
- Constant Field Values
-
SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE
public static final String SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE
Clue given in URL-forbidden exceptions messages.- See Also:
- Constant Field Values
-
ALLOW_ALL
public static final AllowListUrlChecker ALLOW_ALL
Singleton checker which allows all URLs.isEnabled()
returns false.
-
-
Constructor Detail
-
AllowListUrlChecker
public AllowListUrlChecker(List<String> urlAllowList) throws MalformedURLException
- Parameters:
urlAllowList
- List of allowed URLs. URLs must be well-formed, missing protocol is tolerated. An empty list means there is no explicit allow-list of URLs, in this case no URL is allowed unless aClusterState
is provided incheckAllowList(List, ClusterState)
.- Throws:
MalformedURLException
- If an URL is invalid.
-
-
Method Detail
-
create
public static AllowListUrlChecker create(NodeConfig config)
Creates a URL checker based on theNodeConfig
property to configure the allowed URLs.
-
checkAllowList
public void checkAllowList(List<String> urls) throws MalformedURLException
- Throws:
MalformedURLException
- See Also:
checkAllowList(List, ClusterState)
-
checkAllowList
public void checkAllowList(List<String> urls, org.apache.solr.common.cloud.ClusterState clusterState) throws MalformedURLException
Checks that the given URLs are present in the configured allow-list or in the providedClusterState
(in case of cloud mode).- Parameters:
urls
- The list of urls to check.clusterState
- The up to dateClusterState
, can be null in case of non-cloud mode.- Throws:
MalformedURLException
- If an URL is invalid.org.apache.solr.common.SolrException
- If an URL is not present in the allow-list or in the providedClusterState
.
-
hasExplicitAllowList
public boolean hasExplicitAllowList()
Whether this checker has been created with a non-empty allow-list of URLs.
-
isEnabled
public boolean isEnabled()
Whether the URL checking is enabled. OnlyALLOW_ALL
returns false.
-
-