Package org.apache.solr.security

Class AuthenticationPlugin

    • Field Detail

      • numErrors

        protected com.codahale.metrics.Meter numErrors

      • requests

        protected com.codahale.metrics.Counter requests

      • requestTimes

        protected com.codahale.metrics.Timer requestTimes

      • totalTime

        protected com.codahale.metrics.Counter totalTime

      • numAuthenticated

        protected com.codahale.metrics.Counter numAuthenticated

      • numPassThrough

        protected com.codahale.metrics.Counter numPassThrough

      • numWrongCredentials

        protected com.codahale.metrics.Counter numWrongCredentials

      • numMissingCredentials

        protected com.codahale.metrics.Counter numMissingCredentials

    • Constructor Detail

      • AuthenticationPlugin

        public AuthenticationPlugin()

    • Method Detail

      • init

        public abstract void init​(Map<String,​Object> pluginConfig)
        This is called upon loading up of a plugin, used for setting it up.
        Parameters:
        pluginConfig - Config parameters, possibly from a ZK source

      • doAuthenticate

        public abstract boolean doAuthenticate​(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       javax.servlet.FilterChain filterChain)
                                throws Exception
        This method attempts to authenticate the request. Upon a successful authentication, this must call the next filter in the filter chain and set the user principal of the request, or else, upon an error or an authentication failure, throw an exception.
        Parameters:
        request - the http request
        response - the http response
        filterChain - the servlet filter chain
        Returns:
        false if the request not be processed by Solr (not continue), i.e. the response and status code have already been sent.
        Throws:
        Exception - any exception thrown during the authentication, e.g. PrivilegedActionException

      • authenticate

        public final boolean authenticate​(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  javax.servlet.FilterChain filterChain)
                           throws Exception
        This method is called by SolrDispatchFilter in order to initiate authentication. It does some standard metrics counting.
        Throws:
        Exception

      • wrapWithPrincipal

        protected javax.servlet.http.HttpServletRequest wrapWithPrincipal​(javax.servlet.http.HttpServletRequest request,
                                                                  Principal principal)

      • wrapWithPrincipal

        protected javax.servlet.http.HttpServletRequest wrapWithPrincipal​(javax.servlet.http.HttpServletRequest request,
                                                                  Principal principal,
                                                                  String username)

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.apache.http.HttpRequest httpRequest,
                                            org.apache.http.protocol.HttpContext httpContext)
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Parameters:
        httpRequest - the httpRequest that is about to be sent to another internal Solr node
        httpContext - the context of that request.
        Returns:
        true if this plugin handled authentication for the request, else false

      • interceptInternodeRequest

        protected boolean interceptInternodeRequest​(org.eclipse.jetty.client.api.Request request)
        Override this method to intercept internode requests. This allows your authentication plugin to decide on per-request basis whether it should handle inter-node requests or delegate to PKIAuthenticationPlugin. Return true to indicate that your plugin did handle the request, or false to signal that PKI plugin should handle it. This method will be called by PKIAuthenticationPlugin's interceptor.

        If not overridden, this method will return true for plugins implementing HttpClientBuilderPlugin. This method can be overridden by subclasses e.g. to set HTTP headers, even if you don't use a clientBuilder.

        Parameters:
        request - the httpRequest that is about to be sent to another internal Solr node
        Returns:
        true if this plugin handled authentication for the request, else false

      • closeRequest

        public void closeRequest()
        Cleanup any per request data

      • getName

        public String getName()
        Description copied from interface: SolrInfoBean
        Simple common usage name, e.g. BasicQueryHandler, or fully qualified class name.
        Specified by:
        getName in interface SolrInfoBean