Package org.apache.solr.security
Class RuleBasedAuthorizationPluginBase
- java.lang.Object
-
- org.apache.solr.security.RuleBasedAuthorizationPluginBase
-
- All Implemented Interfaces:
Closeable
,AutoCloseable
,org.apache.solr.common.SpecProvider
,AuthorizationPlugin
,ConfigEditablePlugin
- Direct Known Subclasses:
ExternalRoleRuleBasedAuthorizationPlugin
,MultiAuthRuleBasedAuthorizationPlugin
,RuleBasedAuthorizationPlugin
public abstract class RuleBasedAuthorizationPluginBase extends Object implements AuthorizationPlugin, ConfigEditablePlugin, org.apache.solr.common.SpecProvider
Base class for rule based authorization plugins
-
-
Constructor Summary
Constructors Constructor Description RuleBasedAuthorizationPluginBase()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description AuthorizationResponse
authorize(AuthorizationContext context)
void
close()
boolean
doesUserHavePermission(Principal principal, PermissionNameProvider.Name permission)
Map<String,Object>
edit(Map<String,Object> latestConf, List<org.apache.solr.common.util.CommandOperation> commands)
Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException.Set<String>
getPermissionNamesForRoles(Collection<String> roles)
Retrieves permission names for a given set of roles.org.apache.solr.common.util.ValidatingJsonMap
getSpec()
abstract Set<String>
getUserRoles(Principal principal)
Finds users rolesSet<String>
getUserRoles(AuthorizationContext context)
Finds user rolesvoid
init(Map<String,Object> initInfo)
-
-
-
Method Detail
-
authorize
public AuthorizationResponse authorize(AuthorizationContext context)
- Specified by:
authorize
in interfaceAuthorizationPlugin
-
getPermissionNamesForRoles
public Set<String> getPermissionNamesForRoles(Collection<String> roles)
Retrieves permission names for a given set of roles.There are two special role names that can be used in the roles list:
null
meaning permission granted for all requests, even without a role"*"
meaning any role will grant the permission
- Parameters:
roles
- a collection of role names.
-
doesUserHavePermission
public boolean doesUserHavePermission(Principal principal, PermissionNameProvider.Name permission)
-
init
public void init(Map<String,Object> initInfo)
- Specified by:
init
in interfaceAuthorizationPlugin
-
getUserRoles
public Set<String> getUserRoles(AuthorizationContext context)
Finds user roles- Parameters:
context
- the authorization context to load roles from- Returns:
- set of roles as strings or empty set if no roles are found
-
getUserRoles
public abstract Set<String> getUserRoles(Principal principal)
Finds users roles- Parameters:
principal
- the user Principal to fetch roles for- Returns:
- set of roles as strings or empty set if no roles found
-
close
public void close() throws IOException
- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceCloseable
- Throws:
IOException
-
edit
public Map<String,Object> edit(Map<String,Object> latestConf, List<org.apache.solr.common.util.CommandOperation> commands)
Description copied from interface:ConfigEditablePlugin
Operate the commands on the latest conf and return a new conf object If there are errors in the commands , throw a SolrException. return a null if no changes are to be made as a result of this edit. It is the responsibility of the implementation to ensure that the returned config is valid . The framework does no validation of the data- Specified by:
edit
in interfaceConfigEditablePlugin
-
getSpec
public org.apache.solr.common.util.ValidatingJsonMap getSpec()
- Specified by:
getSpec
in interfaceorg.apache.solr.common.SpecProvider
-
-