Example 1 with SearchHandler
use of org.apache.solr.handler.component.SearchHandler in project lucene-solr by apache.
the class TestRuleBasedAuthorizationPlugin method testBasicPermissions.
public void testBasicPermissions() {
int STATUS_OK = 200;
int FORBIDDEN = 403;
int PROMPT_FOR_CREDENTIALS = 401;
checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "userPrincipal", "unknownuser", "collectionRequests", "freeforall", "handler", new UpdateRequestHandler()), STATUS_OK);
checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "userPrincipal", "tim", "collectionRequests", "mycoll", "handler", new UpdateRequestHandler()), STATUS_OK);
checkRules(makeMap("resource", "/update/json/docs", "httpMethod", "POST", "collectionRequests", "mycoll", "handler", new UpdateRequestHandler()), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "POST", "handler", new SchemaHandler()), FORBIDDEN);
checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "GET", "handler", new SchemaHandler()), STATUS_OK);
checkRules(makeMap("resource", "/schema/fields", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "GET", "handler", new SchemaHandler()), STATUS_OK);
checkRules(makeMap("resource", "/schema", "userPrincipal", "somebody", "collectionRequests", "mycoll", "httpMethod", "POST", "handler", new SchemaHandler()), FORBIDDEN);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", RequestType.ADMIN, "collectionRequests", null, "httpMethod", "GET", "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "LIST"))), STATUS_OK);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "httpMethod", "GET", "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "LIST"))), STATUS_OK);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "RELOAD"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "somebody", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), FORBIDDEN);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK);
checkRules(makeMap("resource", "/select", "httpMethod", "GET", "handler", new SearchHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll")), "userPrincipal", "joe"), FORBIDDEN);
Map rules = (Map) Utils.fromJSONString(permissions);
((Map) rules.get("user-role")).put("cio", "su");
((List) rules.get("permissions")).add(makeMap("name", "all", "role", "su"));
checkRules(makeMap("resource", ReplicationHandler.PATH, "httpMethod", "POST", "userPrincipal", "tim", "handler", new ReplicationHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll"))), FORBIDDEN, rules);
checkRules(makeMap("resource", ReplicationHandler.PATH, "httpMethod", "POST", "userPrincipal", "cio", "handler", new ReplicationHandler(), "collectionRequests", singletonList(new CollectionRequest("mycoll"))), STATUS_OK, rules);
checkRules(makeMap("resource", "/admin/collections", "userPrincipal", "tim", "requestType", AuthorizationContext.RequestType.ADMIN, "collectionRequests", null, "handler", new CollectionsHandler(), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK, rules);
rules = (Map) Utils.fromJSONString(permissions);
((List) rules.get("permissions")).add(makeMap("name", "core-admin-edit", "role", "su"));
((List) rules.get("permissions")).add(makeMap("name", "core-admin-read", "role", "user"));
((Map) rules.get("user-role")).put("cio", "su");
((List) rules.get("permissions")).add(makeMap("name", "all", "role", "su"));
permissions = Utils.toJSONString(rules);
checkRules(makeMap("resource", "/admin/cores", "userPrincipal", null, "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "joe", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), FORBIDDEN);
checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "joe", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "STATUS"))), STATUS_OK);
checkRules(makeMap("resource", "/admin/cores", "userPrincipal", "cio", "requestType", RequestType.ADMIN, "collectionRequests", null, "handler", new CoreAdminHandler(null), "params", new MapSolrParams(singletonMap("action", "CREATE"))), STATUS_OK);
rules = (Map) Utils.fromJSONString(permissions);
List permissions = (List) rules.get("permissions");
//remove the 'all' permission
permissions.remove(permissions.size() - 1);
permissions.add(makeMap("name", "test-params", "role", "admin", "path", "/x", "params", makeMap("key", Arrays.asList("REGEX:(?i)val1", "VAL2"))));
this.permissions = Utils.toJSONString(rules);
checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL1"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/x", "userPrincipal", null, "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), PROMPT_FOR_CREDENTIALS);
checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val1"))), FORBIDDEN);
checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "Val2"))), STATUS_OK);
checkRules(makeMap("resource", "/x", "userPrincipal", "joe", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new DumpRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL2"))), FORBIDDEN);
checkRules(makeMap("resource", "/update", "userPrincipal", "solr", "requestType", RequestType.UNKNOWN, "collectionRequests", "go", "handler", new UpdateRequestHandler(), "params", new MapSolrParams(singletonMap("key", "VAL2"))), FORBIDDEN, (Map<String, Object>) Utils.fromJSONString("{user-role:{" + " admin:[admin_role]," + " update:[update_role]," + " solr:[read_role]}," + " permissions:[" + " {name:update, role:[admin_role,update_role]}," + " {name:read, role:[admin_role,update_role,read_role]}" + "]}"));
}
Also used :
SchemaHandler(org.apache.solr.handler.SchemaHandler)
SearchHandler(org.apache.solr.handler.component.SearchHandler)
CollectionRequest(org.apache.solr.security.AuthorizationContext.CollectionRequest)
DumpRequestHandler(org.apache.solr.handler.DumpRequestHandler)
CollectionsHandler(org.apache.solr.handler.admin.CollectionsHandler)
CoreAdminHandler(org.apache.solr.handler.admin.CoreAdminHandler)
MapSolrParams(org.apache.solr.common.params.MapSolrParams)
Collections.singletonList(java.util.Collections.singletonList)
LinkedList(java.util.LinkedList)
List(java.util.List)
ReplicationHandler(org.apache.solr.handler.ReplicationHandler)
UpdateRequestHandler(org.apache.solr.handler.UpdateRequestHandler)
HashMap(java.util.HashMap)
Map(java.util.Map)
Collections.singletonMap(java.util.Collections.singletonMap)
Utils.makeMap(org.apache.solr.common.util.Utils.makeMap)
Example 2 with SearchHandler
use of org.apache.solr.handler.component.SearchHandler in project lucene-solr by apache.
the class RequestUtil method processParams.
/**
* Set default-ish params on a SolrQueryRequest as well as do standard macro processing and JSON request parsing.
*
* @param handler The search handler this is for (may be null if you don't want this method touching the content streams)
* @param req The request whose params we are interested in
* @param defaults values to be used if no values are specified in the request params
* @param appends values to be appended to those from the request (or defaults) when dealing with multi-val params, or treated as another layer of defaults for singl-val params.
* @param invariants values which will be used instead of any request, or default values, regardless of context.
*/
public static void processParams(SolrRequestHandler handler, SolrQueryRequest req, SolrParams defaults, SolrParams appends, SolrParams invariants) {
boolean searchHandler = handler instanceof SearchHandler;
SolrParams params = req.getParams();
// Handle JSON stream for search requests
if (searchHandler && req.getContentStreams() != null) {
Map<String, String[]> map = MultiMapSolrParams.asMultiMap(params, false);
if (!(params instanceof MultiMapSolrParams || params instanceof ModifiableSolrParams)) {
// need to set params on request since we weren't able to access the original map
params = new MultiMapSolrParams(map);
req.setParams(params);
}
// params from the query string should come after (and hence override) JSON content streams
String[] jsonFromParams = map.remove(JSON);
for (ContentStream cs : req.getContentStreams()) {
String contentType = cs.getContentType();
if (contentType == null || !contentType.contains("/json")) {
throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Bad contentType for search handler :" + contentType + " request=" + req);
}
try {
String jsonString = IOUtils.toString(cs.getReader());
if (jsonString != null) {
MultiMapSolrParams.addParam(JSON, jsonString, map);
}
} catch (IOException e) {
throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Exception reading content stream for request:" + req, e);
}
}
// append existing "json" params
if (jsonFromParams != null) {
for (String json : jsonFromParams) {
MultiMapSolrParams.addParam(JSON, json, map);
}
}
}
String[] jsonS = params.getParams(JSON);
boolean hasAdditions = defaults != null || invariants != null || appends != null || jsonS != null;
// short circuit processing
if (!hasAdditions && !params.getBool("expandMacros", true)) {
// nothing to do...
return;
}
boolean isShard = params.getBool("isShard", false);
Map<String, String[]> newMap = MultiMapSolrParams.asMultiMap(params, hasAdditions);
// The parameters we extract will be propagated anyway.
if (jsonS != null && !isShard) {
for (String json : jsonS) {
getParamsFromJSON(newMap, json);
}
}
// first populate defaults, etc..
if (defaults != null) {
Map<String, String[]> defaultsMap = MultiMapSolrParams.asMultiMap(defaults);
for (Map.Entry<String, String[]> entry : defaultsMap.entrySet()) {
String key = entry.getKey();
if (!newMap.containsKey(key)) {
newMap.put(key, entry.getValue());
}
}
}
if (appends != null) {
Map<String, String[]> appendsMap = MultiMapSolrParams.asMultiMap(appends);
for (Map.Entry<String, String[]> entry : appendsMap.entrySet()) {
String key = entry.getKey();
String[] arr = newMap.get(key);
if (arr == null) {
newMap.put(key, entry.getValue());
} else {
String[] appendArr = entry.getValue();
String[] newArr = new String[arr.length + appendArr.length];
System.arraycopy(arr, 0, newArr, 0, arr.length);
System.arraycopy(appendArr, 0, newArr, arr.length, appendArr.length);
newMap.put(key, newArr);
}
}
}
if (invariants != null) {
newMap.putAll(MultiMapSolrParams.asMultiMap(invariants));
}
if (!isShard) {
// Don't expand macros in shard requests
String[] doMacrosStr = newMap.get("expandMacros");
boolean doMacros = true;
if (doMacrosStr != null) {
doMacros = "true".equals(doMacrosStr[0]);
}
if (doMacros) {
newMap = MacroExpander.expand(newMap);
}
}
// Set these params as soon as possible so if there is an error processing later, things like
// "wt=json" will take effect from the defaults.
// newMap may still change below, but that should be OK
SolrParams newParams = new MultiMapSolrParams(newMap);
req.setParams(newParams);
// For example json.command started to be used in SOLR-6294, and that caused errors here.
if (!searchHandler)
return;
Map<String, Object> json = null;
// Handle JSON body first, so query params will always overlay on that
jsonS = newMap.get(JSON);
if (jsonS != null) {
if (json == null) {
json = new LinkedHashMap<>();
}
mergeJSON(json, JSON, jsonS, new ObjectUtil.ConflictHandler());
}
for (String key : newMap.keySet()) {
// json.nl, json.wrf are existing query parameters
if (key.startsWith("json.") && !("json.nl".equals(key) || "json.wrf".equals(key))) {
if (json == null) {
json = new LinkedHashMap<>();
}
mergeJSON(json, key, newMap.get(key), new ObjectUtil.ConflictHandler());
}
}
// implement compat for existing components...
if (json != null && !isShard) {
for (Map.Entry<String, Object> entry : json.entrySet()) {
String key = entry.getKey();
String out = null;
boolean arr = false;
if ("query".equals(key)) {
out = "q";
} else if ("filter".equals(key)) {
out = "fq";
arr = true;
} else if ("fields".equals(key)) {
out = "fl";
arr = true;
} else if ("offset".equals(key)) {
out = "start";
} else if ("limit".equals(key)) {
out = "rows";
} else if (SORT.equals(key)) {
out = SORT;
} else if ("params".equals(key) || "facet".equals(key)) {
// handled elsewhere
continue;
} else {
throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Unknown top-level key in JSON request : " + key);
}
Object val = entry.getValue();
if (arr) {
String[] existing = newMap.get(out);
List lst = val instanceof List ? (List) val : null;
int existingSize = existing == null ? 0 : existing.length;
int jsonSize = lst == null ? 1 : lst.size();
String[] newval = new String[existingSize + jsonSize];
for (int i = 0; i < existingSize; i++) {
newval[i] = existing[i];
}
if (lst != null) {
for (int i = 0; i < jsonSize; i++) {
Object v = lst.get(i);
newval[existingSize + i] = v.toString();
}
} else {
newval[newval.length - 1] = val.toString();
}
newMap.put(out, newval);
} else {
newMap.put(out, new String[] { val.toString() });
}
}
}
if (json != null) {
req.setJSON(json);
}
}
Also used :
SearchHandler(org.apache.solr.handler.component.SearchHandler)
MultiMapSolrParams(org.apache.solr.common.params.MultiMapSolrParams)
IOException(java.io.IOException)
ModifiableSolrParams(org.apache.solr.common.params.ModifiableSolrParams)
ContentStream(org.apache.solr.common.util.ContentStream)
ModifiableSolrParams(org.apache.solr.common.params.ModifiableSolrParams)
MultiMapSolrParams(org.apache.solr.common.params.MultiMapSolrParams)
SolrParams(org.apache.solr.common.params.SolrParams)
List(java.util.List)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
SolrException(org.apache.solr.common.SolrException)
Aggregations
List (java.util.List)2
Map (java.util.Map)2
SearchHandler (org.apache.solr.handler.component.SearchHandler)2
IOException (java.io.IOException)1
Collections.singletonList (java.util.Collections.singletonList)1
Collections.singletonMap (java.util.Collections.singletonMap)1
HashMap (java.util.HashMap)1
LinkedHashMap (java.util.LinkedHashMap)1
LinkedList (java.util.LinkedList)1
SolrException (org.apache.solr.common.SolrException)1
MapSolrParams (org.apache.solr.common.params.MapSolrParams)1
ModifiableSolrParams (org.apache.solr.common.params.ModifiableSolrParams)1
MultiMapSolrParams (org.apache.solr.common.params.MultiMapSolrParams)1
SolrParams (org.apache.solr.common.params.SolrParams)1
ContentStream (org.apache.solr.common.util.ContentStream)1
Utils.makeMap (org.apache.solr.common.util.Utils.makeMap)1
DumpRequestHandler (org.apache.solr.handler.DumpRequestHandler)1
ReplicationHandler (org.apache.solr.handler.ReplicationHandler)1
SchemaHandler (org.apache.solr.handler.SchemaHandler)1
UpdateRequestHandler (org.apache.solr.handler.UpdateRequestHandler)1
