Search in sources :

Example 1 with DumpRequestHandler

use of org.apache.solr.handler.DumpRequestHandler in project lucene-solr by apache.

the class TestRuleBasedAuthorizationPlugin method testBasicPermissions.

public void testBasicPermissions() {
    int STATUS_OK = 200;
    int FORBIDDEN = 403;
    int PROMPT_FOR_CREDENTIALS = 401;
    checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "userPrincipal", "unknownuser", "collectionRequests", "freeforall", "handler", new UpdateRequestHandler()), STATUS_OK);
    checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "userPrincipal", "tim", "collectionRequests", "mycoll", "handler", new UpdateRequestHandler()), STATUS_OK);
    checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "collectionRequests", "mycoll", "handler", new UpdateRequestHandler()), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "POST", "handler", new SchemaHandler()), FORBIDDEN);
    checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "GET", "handler", new SchemaHandler()), STATUS_OK);
    checkRules(makeMap("resource", "/schema/fields", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "GET", "handler", new SchemaHandler()), STATUS_OK);
    checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "POST", "handler", new SchemaHandler()), FORBIDDEN);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", RequestType.ADMIN, "collectionRequests", null, "httpMethod", "GET", "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "LIST"))), STATUS_OK);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "httpMethod", "GET", "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "LIST"))), STATUS_OK);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "RELOAD"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "somebody", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), FORBIDDEN);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK);
    checkRules(makeMap("resource", "/select", "httpMethod", "GET", "handler", new SearchHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll")), "userPrincipal", "joe"), FORBIDDEN);
    Map rules = (Map) Utils.fromJSONString(permissions);
    ((Map) rules.get("user-role")).put("cio", "su");
    ((List) rules.get("permissions")).add(makeMap("name", "all", "role", "su"));
    checkRules(makeMap("resource", ReplicationHandler.PATH, "httpMethod", "POST", "userPrincipal", "tim", "handler", new ReplicationHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll"))), FORBIDDEN, rules);
    checkRules(makeMap("resource", ReplicationHandler.PATH, "httpMethod", "POST", "userPrincipal", "cio", "handler", new ReplicationHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll"))), STATUS_OK, rules);
    checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", AuthorizationContext.RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK, rules);
    rules = (Map) Utils.fromJSONString(permissions);
    ((List) rules.get("permissions")).add(makeMap("name", "core-admin-edit", "role", "su"));
    ((List) rules.get("permissions")).add(makeMap("name", "core-admin-read", "role", "user"));
    ((Map) rules.get("user-role")).put("cio", "su");
    ((List) rules.get("permissions")).add(makeMap("name", "all", "role", "su"));
    permissions = Utils.toJSONString(rules);
    checkRules(makeMap("resource", "/admin/cores", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "joe", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), FORBIDDEN);
    checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "joe", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "STATUS"))), STATUS_OK);
    checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "cio", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK);
    rules = (Map) Utils.fromJSONString(permissions);
    List permissions = (List) rules.get("permissions");
    //remove the 'all' permission
    permissions.remove(permissions.size() - 1);
    permissions.add(makeMap("name", "test-params", "role", "admin", "path", "/x", "params", makeMap("key", Arrays.asList("REGEX:(?i)val1", "VAL2"))));
    this.permissions = Utils.toJSONString(rules);
    checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL1"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), PROMPT_FOR_CREDENTIALS);
    checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), FORBIDDEN);
    checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val2"))), STATUS_OK);
    checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL2"))), FORBIDDEN);
    checkRules(makeMap("resource", "/update", "userPrincipal", "solr", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new UpdateRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL2"))), FORBIDDEN, (Map<String, Object>) Utils.fromJSONString("{user-role:{" + "      admin:[admin_role]," + "      update:[update_role]," + "      solr:[read_role]}," + "    permissions:[" + "      {name:update, role:[admin_role,update_role]}," + "      {name:read, role:[admin_role,update_role,read_role]}" + "]}"));
}
Also used : SchemaHandler(org.apache.solr.handler.SchemaHandler) SearchHandler(org.apache.solr.handler.component.SearchHandler) CollectionRequest(org.apache.solr.security.AuthorizationContext.CollectionRequest) DumpRequestHandler(org.apache.solr.handler.DumpRequestHandler) CollectionsHandler(org.apache.solr.handler.admin.CollectionsHandler) CoreAdminHandler(org.apache.solr.handler.admin.CoreAdminHandler) MapSolrParams(org.apache.solr.common.params.MapSolrParams) Collections.singletonList(java.util.Collections.singletonList) LinkedList(java.util.LinkedList) List(java.util.List) ReplicationHandler(org.apache.solr.handler.ReplicationHandler) UpdateRequestHandler(org.apache.solr.handler.UpdateRequestHandler) HashMap(java.util.HashMap) Map(java.util.Map) Collections.singletonMap(java.util.Collections.singletonMap) Utils.makeMap(org.apache.solr.common.util.Utils.makeMap)

Aggregations

Collections.singletonList (java.util.Collections.singletonList)1 Collections.singletonMap (java.util.Collections.singletonMap)1 HashMap (java.util.HashMap)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Map (java.util.Map)1 MapSolrParams (org.apache.solr.common.params.MapSolrParams)1 Utils.makeMap (org.apache.solr.common.util.Utils.makeMap)1 DumpRequestHandler (org.apache.solr.handler.DumpRequestHandler)1 ReplicationHandler (org.apache.solr.handler.ReplicationHandler)1 SchemaHandler (org.apache.solr.handler.SchemaHandler)1 UpdateRequestHandler (org.apache.solr.handler.UpdateRequestHandler)1 CollectionsHandler (org.apache.solr.handler.admin.CollectionsHandler)1 CoreAdminHandler (org.apache.solr.handler.admin.CoreAdminHandler)1 SearchHandler (org.apache.solr.handler.component.SearchHandler)1 CollectionRequest (org.apache.solr.security.AuthorizationContext.CollectionRequest)1