Examples with SecurityConfig - org.apache.solr.handler.admin.SecurityConfHandler.SecurityConfig

Example 1 with SecurityConfig

use of org.apache.solr.handler.admin.SecurityConfHandler.SecurityConfig in project lucene-solr by apache.

the class SecurityConfHandlerTest method testEdit.

public void testEdit() throws Exception {
    MockSecurityHandler handler = new MockSecurityHandler();
    String command = "{\n" + "'set-user': {'tom':'TomIsCool'},\n" + "'set-user':{ 'tom':'TomIsUberCool'}\n" + "}";
    LocalSolrQueryRequest req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authentication");
    ContentStreamBase.ByteArrayStream o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    handler.handleRequestBody(req, new SolrQueryResponse());
    BasicAuthPlugin basicAuth = new BasicAuthPlugin();
    SecurityConfig securityCfg = handler.m.get("/security.json");
    basicAuth.init((Map<String, Object>) securityCfg.getData().get("authentication"));
    assertTrue(basicAuth.authenticate("tom", "TomIsUberCool"));
    command = "{\n" + "'set-user': {'harry':'HarryIsCool'},\n" + "'delete-user': ['tom','harry']\n" + "}";
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    handler.handleRequestBody(req, new SolrQueryResponse());
    securityCfg = handler.m.get("/security.json");
    assertEquals(3, securityCfg.getVersion());
    Map result = (Map) securityCfg.getData().get("authentication");
    result = (Map) result.get("credentials");
    assertTrue(result.isEmpty());
    command = "{'set-permission':{ collection : acoll ,\n" + "                      path : '/nonexistentpath',\n" + "                      role :guest },\n" + "'set-user-role': { 'tom': ['admin','dev']}," + "'set-permission':{'name': 'security-edit',\n" + "                  'role': 'admin'}\n" + "}";
    req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authorization");
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    SolrQueryResponse rsp = new SolrQueryResponse();
    handler.handleRequestBody(req, rsp);
    assertNull(rsp.getValues().get(CommandOperation.ERR_MSGS));
    Map authzconf = (Map) handler.m.get("/security.json").getData().get("authorization");
    Map userRoles = (Map) authzconf.get("user-role");
    List tomRoles = (List) userRoles.get("tom");
    assertTrue(tomRoles.contains("admin"));
    assertTrue(tomRoles.contains("dev"));
    List<Map> permissions = (List<Map>) authzconf.get("permissions");
    assertEquals(2, permissions.size());
    for (Map p : permissions) {
        assertEquals("acoll", p.get("collection"));
        break;
    }
    command = "{\n" + "'set-permission':{index : 2,  name : security-edit,\n" + "                  'role': ['admin','dev']\n" + "                  }}";
    req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authorization");
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    rsp = new SolrQueryResponse();
    handler.handleRequestBody(req, rsp);
    authzconf = (Map) handler.m.get("/security.json").getData().get("authorization");
    permissions = (List<Map>) authzconf.get("permissions");
    Map p = permissions.get(1);
    assertEquals("security-edit", p.get("name"));
    List rol = (List) p.get("role");
    assertEquals("admin", rol.get(0));
    assertEquals("dev", rol.get(1));
    command = "{\n" + "'update-permission':{'index': 1,\n" + "                  'role': ['guest','admin']\n" + "                  }}";
    req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authorization");
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    rsp = new SolrQueryResponse();
    handler.handleRequestBody(req, rsp);
    authzconf = (Map) handler.m.get("/security.json").getData().get("authorization");
    permissions = (List<Map>) authzconf.get("permissions");
    p = permissions.get(0);
    assertEquals("acoll", p.get("collection"));
    rol = (List) p.get("role");
    assertEquals("guest", rol.get(0));
    assertEquals("admin", rol.get(1));
    command = "{\n" + "delete-permission: 1,\n" + " set-user-role : { tom :null}\n" + "}";
    req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authorization");
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    rsp = new SolrQueryResponse();
    handler.handleRequestBody(req, rsp);
    assertNull(rsp.getValues().get(CommandOperation.ERR_MSGS));
    authzconf = (Map) handler.m.get("/security.json").getData().get("authorization");
    userRoles = (Map) authzconf.get("user-role");
    assertEquals(0, userRoles.size());
    permissions = (List<Map>) authzconf.get("permissions");
    assertEquals(1, permissions.size());
    for (Map permission : permissions) {
        assertFalse("some-permission".equals(permission.get("name")));
    }
    command = "{\n" + "'set-permission':{index : 2,  'name': 'security-edit',\n" + // -ve test security edit is a well-known permission , only role attribute should be provided
    "                  'method':'POST'," + "                  'role': 'admin'\n" + "                  }}";
    req = new LocalSolrQueryRequest(null, new ModifiableSolrParams());
    req.getContext().put("httpMethod", "POST");
    req.getContext().put("path", "/admin/authorization");
    o = new ContentStreamBase.ByteArrayStream(command.getBytes(StandardCharsets.UTF_8), "");
    req.setContentStreams(Collections.singletonList(o));
    rsp = new SolrQueryResponse();
    handler.handleRequestBody(req, rsp);
    List l = (List) ((Map) ((List) rsp.getValues().get("errorMessages")).get(0)).get("errorMessages");
    assertEquals(1, l.size());
}

Also used : SolrQueryResponse(org.apache.solr.response.SolrQueryResponse) BasicAuthPlugin(org.apache.solr.security.BasicAuthPlugin) ModifiableSolrParams(org.apache.solr.common.params.ModifiableSolrParams) LocalSolrQueryRequest(org.apache.solr.request.LocalSolrQueryRequest) SecurityConfig(org.apache.solr.handler.admin.SecurityConfHandler.SecurityConfig) List(java.util.List) HashMap(java.util.HashMap) Utils.makeMap(org.apache.solr.common.util.Utils.makeMap) Map(java.util.Map) ContentStreamBase(org.apache.solr.common.util.ContentStreamBase)

Aggregations

HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 ModifiableSolrParams (org.apache.solr.common.params.ModifiableSolrParams)1 ContentStreamBase (org.apache.solr.common.util.ContentStreamBase)1 Utils.makeMap (org.apache.solr.common.util.Utils.makeMap)1 SecurityConfig (org.apache.solr.handler.admin.SecurityConfHandler.SecurityConfig)1 LocalSolrQueryRequest (org.apache.solr.request.LocalSolrQueryRequest)1 SolrQueryResponse (org.apache.solr.response.SolrQueryResponse)1 BasicAuthPlugin (org.apache.solr.security.BasicAuthPlugin)1