use of org.apache.solr.common.util.SuppressForbidden in project lucene-solr by apache.
the class PKIAuthenticationPlugin method doAuthenticate.
/**
 * Resolves the caller's identity from the inter-node auth header and forwards the request
 * down the filter chain.
 *
 * <p>Requests whose URI ends with {@code PATH} are forwarded untouched. For every other request
 * the {@code HEADER} value is split on whitespace into a node name and a cipher text, the cipher
 * text is handed to {@code decipherHeader}, and the timestamp it carries is compared with
 * {@code MAX_VALIDITY}. On success the request is wrapped with a principal: {@code SU} when the
 * deciphered user name is {@code "$"}, otherwise a {@link BasicUserPrincipal} for that name.
 *
 * <p>Every failure path logs an error and still forwards the <em>original</em> request with no
 * principal attached; this method never blocks a request itself.
 * NOTE(review): rejecting unauthenticated callers is therefore left to whatever runs later in
 * the chain - confirm an authorization layer is always configured alongside this plugin.
 *
 * @param request     incoming request; cast to {@link HttpServletRequest}
 * @param response    response passed on to the filter chain unchanged
 * @param filterChain chain that receives the (possibly wrapped) request
 * @return always {@code true}
 * @throws Exception whatever the filter chain or the helpers throw
 */
@SuppressForbidden(reason = "Needs currentTimeMillis to compare against time in header")
@Override
public boolean doAuthenticate(ServletRequest request, ServletResponse response, FilterChain filterChain) throws Exception {
  final HttpServletRequest httpRequest = (HttpServletRequest) request;

  // Requests for PATH bypass header processing entirely.
  if (httpRequest.getRequestURI().endsWith(PATH)) {
    filterChain.doFilter(request, response);
    return true;
  }

  // Capture the arrival time before any parsing or deciphering work is done.
  final long receivedTime = System.currentTimeMillis();

  final String header = httpRequest.getHeader(HEADER);
  if (header == null) {
    // Not expected to happen; forwarded without a principal.
    log.error("No SolrAuth header present");
    filterChain.doFilter(request, response);
    return true;
  }

  // Expected layout: "<nodeName> <cipherText>".
  final List<String> authInfo = StrUtils.splitWS(header, false);
  if (authInfo.size() < 2) {
    // NOTE(review): the header is client-supplied and is written to the log verbatim here and
    // below - check whether the log pipeline needs it sanitised or truncated.
    log.error("Invalid SolrAuth Header {}", header);
    filterChain.doFilter(request, response);
    return true;
  }

  final PKIHeaderData decipher = decipherHeader(authInfo.get(0), authInfo.get(1));
  if (decipher == null) {
    log.error("Could not decipher a header {} . No principal set", header);
    filterChain.doFilter(request, response);
    return true;
  }

  // Only headers OLDER than MAX_VALIDITY are refused. A timestamp ahead of the local clock
  // gives a negative age and passes this check.
  // NOTE(review): nothing in this method remembers headers it has already seen, so a captured
  // header looks reusable until it ages out - confirm the tolerated clock skew and replay
  // window are acceptable for the deployment.
  final long age = receivedTime - decipher.timestamp;
  if (age > MAX_VALIDITY) {
    log.error("Invalid key request timestamp: {} , received timestamp: {} , TTL: {}", decipher.timestamp, receivedTime, MAX_VALIDITY);
    filterChain.doFilter(request, response);
    return true;
  }

  // "$" marks a request made by the node itself and maps to the SU principal.
  final Principal principal;
  if ("$".equals(decipher.userName)) {
    principal = SU;
  } else {
    principal = new BasicUserPrincipal(decipher.userName);
  }
  filterChain.doFilter(getWrapper(httpRequest, principal), response);
  return true;
}
use of org.apache.solr.common.util.SuppressForbidden in project lucene-solr by apache.
the class PKIAuthenticationPlugin method setHeader.
/**
 * Adds the inter-node auth header to an outgoing request.
 *
 * <p>The header value is {@code myNodeName + " " + base64(keyPair.encrypt("<user> <millis>"))}.
 * The user is the principal of the current Solr request when there is one, or {@code "$"} when
 * there is no request context and the call is made from a Solr thread. No header is set when the
 * current request has no principal, or when there is no request context and the caller is not a
 * Solr thread.
 *
 * <p>NOTE(review): a principal whose name is literally {@code "$"}, or one containing
 * whitespace, would be written into the payload as-is; the parsing side is not visible here, so
 * verify that the authentication plugins in use cannot produce such names.
 *
 * @param httpRequest outgoing request that receives the header
 */
@SuppressForbidden(reason = "Needs currentTimeMillis to set current time in header")
void setHeader(HttpRequest httpRequest) {
  final SolrRequestInfo reqInfo = getRequestInfo();
  final String usr;
  if (reqInfo == null) {
    if (!isSolrThread()) {
      // Not a Solr thread and no request context: nothing to vouch for.
      return;
    }
    // The request appears to originate from Solr itself; "$" is the reserved name for the node.
    usr = "$";
  } else {
    final Principal principal = reqInfo.getReq().getUserPrincipal();
    if (principal == null) {
      // The originating request was anonymous, so no principal is propagated.
      return;
    }
    usr = principal.getName();
  }

  // Payload is "<user> <epoch millis>"; the receiver compares the timestamp with its own clock.
  final String plainText = usr + " " + System.currentTimeMillis();
  final byte[] encrypted = keyPair.encrypt(ByteBuffer.wrap(plainText.getBytes(UTF_8)));
  final String encoded = Base64.byteArrayToBase64(encrypted);
  httpRequest.setHeader(HEADER, myNodeName + " " + encoded);
}
use of org.apache.solr.common.util.SuppressForbidden in project lucene-solr by apache.
the class NoCacheHeaderTest method doLastModified.
/**
 * Checks that no Last-Modified header is returned and that conditional date headers never change
 * the outcome: every request must come back with status 200.
 *
 * @param method request method name handed to {@code getSelectMethod}
 * @throws Exception if a request fails or an assertion does not hold
 */
@SuppressForbidden(reason = "Needs currentTimeMillis for testing caching headers")
@Override
protected void doLastModified(String method) throws Exception {
  // Baseline request: must be a 200 and must not carry Last-Modified.
  final HttpRequestBase initialRequest = getSelectMethod(method);
  final HttpResponse initialResponse = getClient().execute(initialRequest);
  checkResponseBody(method, initialResponse);
  assertEquals("Got no response code 200 in initial request", 200, initialResponse.getStatusLine().getStatusCode());
  final Header lastModified = initialResponse.getFirstHeader("Last-Modified");
  assertNull("We got a Last-Modified header", lastModified);

  // Conditional requests, in order: If-Modified-Since (now, 10 s ago), then
  // If-Unmodified-Since (10 s ago, now). An offset of 0 means "now".
  final String[] headerNames = {
    "If-Modified-Since",
    "If-Modified-Since",
    "If-Unmodified-Since",
    "If-Unmodified-Since"
  };
  final String[] failureMessages = {
    "Expected 200 with If-Modified-Since header. We should never get a 304 here",
    "Expected 200 with If-Modified-Since header. We should never get a 304 here",
    "Expected 200 with If-Unmodified-Since header. We should never get a 304 here",
    "Expected 200 with If-Unmodified-Since header. We should never get a 304 here"
  };
  final long[] backdateMillis = {0L, 10000L, 10000L, 0L};

  for (int i = 0; i < headerNames.length; i++) {
    final HttpRequestBase conditionalRequest = getSelectMethod(method);
    // The date is taken immediately before the request is sent.
    final Date headerDate = new Date(System.currentTimeMillis() - backdateMillis[i]);
    conditionalRequest.addHeader(headerNames[i], DateUtils.formatDate(headerDate));
    final HttpResponse conditionalResponse = getClient().execute(conditionalRequest);
    checkResponseBody(method, conditionalResponse);
    assertEquals(failureMessages[i], 200, conditionalResponse.getStatusLine().getStatusCode());
  }
}
use of org.apache.solr.common.util.SuppressForbidden in project lucene-solr by apache.
the class CacheHeaderTest method checkVetoHeaders.
/**
 * Asserts that a response carries the headers that forbid caching: a Cache-Control header
 * containing both {@code no-cache} and {@code no-store}, a Pragma header equal to
 * {@code no-cache}, and, when requested, an Expires date more than 100000 ms in the past.
 *
 * @param response     response to inspect
 * @param checkExpires whether the Expires header is checked as well
 * @throws Exception if the Expires value cannot be parsed
 */
@SuppressForbidden(reason = "Needs currentTimeMillis to check against expiry headers from Solr")
protected void checkVetoHeaders(HttpResponse response, boolean checkExpires) throws Exception {
  final Header cacheControl = response.getFirstHeader("Cache-Control");
  assertNotNull("We got no Cache-Control header", cacheControl);
  assertTrue("We got no no-cache in the Cache-Control header [" + cacheControl + "]", cacheControl.getValue().contains("no-cache"));
  assertTrue("We got no no-store in the Cache-Control header [" + cacheControl + "]", cacheControl.getValue().contains("no-store"));

  final Header pragma = response.getFirstHeader("Pragma");
  assertNotNull("We got no Pragma header", pragma);
  assertEquals("no-cache", pragma.getValue());

  if (!checkExpires) {
    return;
  }

  final Header expires = response.getFirstHeader("Expires");
  assertNotNull("We got no Expires header:" + Arrays.asList(response.getAllHeaders()), expires);
  final Date expiry = DateUtils.parseDate(expires.getValue());
  // The expiry must lie well behind the local clock, not merely at or before "now".
  final long millisSinceExpiry = System.currentTimeMillis() - expiry.getTime();
  assertTrue("We got no Expires header far in the past", millisSinceExpiry > 100000);
}
use of org.apache.solr.common.util.SuppressForbidden in project lucene-solr by apache.
the class IndexFetcher method markReplicationStart.
/**
 * Records the start of a replication run: a fresh {@code RTimer} is stored in
 * {@code replicationTimer} and the current wall-clock date in {@code replicationStartTimeStamp}.
 */
@SuppressForbidden(reason = "Need currentTimeMillis for debugging/stats")
private void markReplicationStart() {
  // Timer first, then the wall-clock stamp, matching the order in which they are read as a pair.
  this.replicationTimer = new RTimer();
  this.replicationStartTimeStamp = new Date();
}